webhard

Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack

The ASEC analysis team recently identified Orcus RAT being distributed on file-sharing sites disguised as a cracked version of Hangul Word Processor. The threat actor that distributed this malware is the same person that distributed BitRAT and XMRig CoinMiner disguised as a Windows license verification tool on file-sharing sites.[1] The malware distributed by the threat actor has a similar form as those of the past, except for the fact that Orcus RAT was used instead of BitRAT. Furthermore, the new malware…

HackHound IRC Bot Being Distributed via Webhards

Webhards are the main platforms that the attackers targeting Korean users exploit to distribute malware. The ASEC analysis team has been monitoring malware types distributed through webhards and uploaded multiple blog posts about them in the past. Generally, attackers distribute malware through illegal programs such as adult games and crack versions of games. Those who use webhards as a distribution path typically install RAT type malware such as njRAT, UdpRAT, and DDoS IRC Bot. As shown in the cases covered…

Monero CoinMiner Being Distributed via Webhards

Webhards are the main platforms that the attackers targeting Korean users exploit to distribute malware. The ASEC analysis team has been monitoring malware types distributed through webhards and uploaded multiple blog posts about them in the past. Generally, attackers distribute malware with illegal programs such as adult games and crack versions of games. Those who use webhards as a distribution path typically install RAT type malware such as njRAT, UdpRAT, and DDoS IRC Bot. The team has recently discovered the…

BitRAT Disguised as Windows Product Key Verification Tool Being Distributed

The ASEC analysis team has recently discovered BitRAT which is being distributed via webhards. Because the attacker disguised the malware as Windows 10 license verification tool from the development stage, users who download illegal crack tools from webhard and install it to verify Windows license are at risk of having BitRAT installed into their PC. The following shows a post that was uploaded to webhard, one that harbors the malware. The title is [New][Quick Install]Windows License Verification[One-click]. A compressed file…

njRAT Being Distributed via Webhards

Webhards is a platform used to distribute malware, and it is mainly used by attackers that mainly target Korean users. The ASEC analysis team has been monitoring malware types distributed through webhards and has uploaded multiple blog posts about them in the past. Various types of malware are used recently such as UdpRat or DDoS IRC Bot developed with GoLang, but njRAT had been used in multiple attacks in the past. njRAT Malware Distributed via Major Korean Webhard 파일 공유…