February 2025 APT Group Trends (South Korea)
Overview AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT attacks in South Korea that were identified in February 2025, as well as the attack types. Figure 1. Statistics of APT
Android Malware & Security Issue 1st Week of November, 2024
ASEC Blog publishes “Android Malware & Security Issue 1st Week of November, 2024”
Android Malware & Security Issue 5st Week of October, 2024
ASEC Blog publishes “Android Malware & Security Issue 5st Week of October, 2024”
RAT Malware Operating via Discord Bot
Discord is a social platform where users can create servers to form communities and communicate in real-time, supporting voice, video, and text chat. While it initially gained popularity among gamers, it has now expanded into a space where groups with diverse interests gather to communicate. A Discord Bot is a
WrnRAT Distributed Under the Guise of Gambling Games
AhnLab SEcurity intelligence Center (ASEC) recently discovered that malware was being distributed under the guise of gambling games such as badugi, 2-player go-stop, and hold’em. The threat actor created a website disguised as a gambling game site, and if the game launcher is downloaded, it installs malware that can control
Distribution of AsyncRAT Disguised as Ebook
1. Overview AhnLab SEcurity intelligence Center (ASEC) covered cases of AsyncRAT being distributed via various file extensions (.chm, .wsf, and .lnk). [1] [2] In the aforementioned blog posts, it can be seen that the threat actor used normal document files disguised as questionnaires to conceal the malware. In a similar vein, there
RemcosRAT Distributed Using Steganography
AhnLab SEcurity intelligence Center (ASEC) has recently identified RemcosRAT being distributed using the steganography technique. Attacks begin with a Word document using the template injection technique, after which an RTF that exploits a vulnerability in the equation editor (EQNEDT32.EXE) is downloaded and executed. The RTF file downloads a VBScript with
Remcos RAT Distributed via Webhards
While monitoring the distribution sources of malware in South Korea, AhnLab SEcurity intelligence Center (ASEC) recently found that the Remcos RAT malware disguised as adult games is being distributed via webhards. Webhards and torrents are platforms commonly used for the distribution of malware in Korea. Attackers normally use easily obtainable
HiddenGh0st Malware Attacking MS-SQL Servers
Gh0st RAT is a remote control malware developed by the C. Rufus Security Team from China. Due to its source code being publicly available, malware developers use it as a reference as they continue developing numerous variants that are still actively used in attacks. Although the source code is public,
Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack
The ASEC analysis team recently identified Orcus RAT being distributed on file-sharing sites disguised as a cracked version of Hangul Word Processor. The threat actor that distributed this malware is the same person that distributed BitRAT and XMRig CoinMiner disguised as a Windows license verification tool on file-sharing sites.[1] The malware
