Private HTS program continuously used for attacks

  • AhnLab Security Intelligence Center (ASEC) has previously covered cases of attacks using the Quasar RAT through private Home Trading Systems (HTS) in a blog post.
  • The same attacker continues to distribute malware, and recent attack cases have been confirmed.
  • The malware, named HPlus, is distributed through an HTS called Quasar RAT, and the overall infection flow is similar to previous cases, but with the difference that an MSI installer is used instead of an NSIS installer.
  • It is worth noting that the attacker also provides remote support, and if a user requests remote support, the installed AnyDesk program is executed when the “Remote Support” button is clicked.

https://asec.ahnlab.com/ko/67881/

No tags for this post.