AhnLab’s Mobile Analysis Team has confirmed cases of romance scams where perpetrators establish rapport by posing as overseas friends or romantic partners. They exploit this connection to solicit money under …
Author: Ahnlab
AhnLab SEcurity intelligence Center (ASEC) has recently identified RemcosRAT being distributed using the steganography technique. Attacks begin with a Word document using the template injection technique, after which an RTF …
AhnLab SEcurity intelligence Center (ASEC) has discovered evidence of a malware strain being distributed to web servers in South Korea, leading users to an illegal gambling site. After initially infiltrating …
AhnLab SEcurity intelligence Center (ASEC) has recently discovered circumstances of a CHM malware strain that steals user information being distributed to Korean users. The distributed CHM is a type that …
AhnLab SEcurity intelligence Center (ASEC) has confirmed the continuous distribution of shortcut files (*.LNK) of abnormal sizes that disseminate backdoor-type malware. The recently confirmed shortcut files (*.LNK) are found to …
With the advancement of scamming technology, determining the authenticity of a site solely based on appearance has become exceedingly difficult. In the past, it was possible to identify fakes by …
While monitoring attacks targeting MS-SQL servers, AhnLab SEcurity intelligence Center (ASEC) recently identified cases of the TargetCompany ransomware group installing the Mallox ransomware. The TargetCompany ransomware group primarily targets improperly …
Malware (Beast ransomware, Vidar infostealer) being distributed with copyright infringement content.
AhnLab SEcurity intelligence Center (ASEC) has discovered an Infostealer strain made with Electron.
Electron is a framework that allows one to develop apps using JavaScript, HTML, and CSS. Discord and …
AhnLab SEcurity intelligence Center (ASEC) confirmed that abnormally sized link files (*.LNK) that spread backdoor-type malware are being steadily distributed. It is confirmed that the recently confirmed link file (*.LNK) …
AhnLab SEcurity intelligence Center (ASEC) has recently identified the distribution of phishing files identical to Korean portal website login screens. Cases impersonating multiple Korean portal websites, logistics and shipping brands, …
AhnLab SEcurity intelligence Center (ASEC) recently discovered that the Metasploit Meterpreter backdoor has been installed via the Redis service. Redis is an abbreviation of Remote Dictionary Server, which is an …
Pupy is a RAT malware strain that offers cross-platform support. Because it is an open-source program published on GitHub, it is continuously being used by various threat actors including APT …
AhnLab SEcurity intelligence Center (ASEC) has recently identified the distribution of a modified version of “mimeTools.dll”, a default Notepad++ plug-in. The malicious mimeTools.dll file in question was included in the …
Online investment scams these days are no longer an issue limited to specific nations, now becoming a social issue prevalent around the globe. Scammers (criminals) deceive their victims through illegal …
AhnLab SEcurity intelligence Center (ASEC) recently found that there are a growing number of cases where threat actors use YouTube to distribute malware. The attackers do not simply create YouTube …
Recently, AhnLab SEcurity intelligence Center (ASEC) discovered the distribution of Rhadamanthys under the guise of an installer for groupware. The threat actor created a fake website to resemble the original …
AhnLab SEcurity intelligence Center (ASEC) recently confirmed that “mimeTools.dll,” a basic plugin for Notepad++, had been altered and distributed. The malicious mimeTools.dll file was included in the installation file of …
AhnLab SEcurity intelligence Center (ASEC) has recently confirmed that the number of cases where attackers are using YouTube for the purpose of distributing malware is increasing. Rather than simply creating …
“Hey, This Isn’t the Right Site!” Distribution of Malware Exploiting Google Ads Tracking – ASEC BLOG
Summary: AhnLab Security Intelligence Center (ASEC) has discovered a malware strain that exploits Google Ads tracking to distribute malicious files. The malware disguises itself as installers for popular groupware …
AhnLab SEcurity intelligence Center (ASEC) recently discovered the Kimsuky group distributing malware disguised as an installer from a Korean public institution. The malware in question is a dropper that creates …
AhnLab SEcurity intelligence Center (ASEC) recently used Google’s advertising tracking function to detect exactly how malware is being distributed. In a confirmed case, malware disguised as a groupware installation program used …
Web browsers are some of the programs most commonly and frequently used by PC users. Users generally use browsers to look up information, send and receive emails, and use web …
AhnLab SEcurity intelligence Center (ASEC) recently discovered the Andariel group’s continuous attacks on Korean companies. It is notable that installations of MeshAgent were found in some cases. Threat actors often …
AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of CryptoWire, a ransomware that was once viral in 2018.
Figure 1. CryptoWire Github
CryptoWire is mainly distributed via phishing emails …
Sextortion scam is defined as the crime of blackmailing victims using their sensitive information to inflict great psychological distress and extort them. Victims not only suffer from immediate financial losses …
Generally, organizations such as institutes and companies use various security products to prevent security threats. For endpoint systems alone, there are not only anti-malware solutions, but also firewalls, APT defense …
StealC malware disguised as an installer is being distributed in large quantities.
It has been confirmed to be downloaded from Discord, GitHub, Dropbox, etc., and considering previous cases …
The digital device that we use the most in our daily lives is the mobile phone. It is used in a wide range of daily activities such as communication, searching, shopping, …
AhnLab SEcurity intelligence Center (ASEC) confirmed that CryptoWire ransomware, which was created based on open source and was popular in 2018, is currently being distributed.
[Figure 1] CryptoWire Github
CryptoWire …
AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of an infostealer disguised as the Adobe Reader installer. The threat actor is distributing the file as PDF, prompting users to …