Generally, organizations such as institutes and companies use various security products to prevent security threats. For endpoint systems alone, there are not only anti-malware solutions, but also firewalls, APT defense solutions and products such as EDR. Even in general user environments without a separate organization responsible for security, most of them have basic security products installed.…
Author: Ahnlab
StealC malware disguised as an installer is being distributed in large quantities.
It has been confirmed to be downloaded from Discord, GitHub, Dropbox, etc., and considering previous cases of distribution in a similar manner, it is presumed that a malicious page disguised as a specific program download page leads to the download URL through several redirects.…
The digital device that we use the most in our daily lives is the mobile phone. It is used in a wide range of daily activities such as communication, searching, shopping, making payments, verifying identity, and investing. Some people do not own personal computers, but almost everyone these days has a mobile phone.…
AhnLab SEcurity intelligence Center (ASEC) confirmed that CryptoWire ransomware, which was created based on open source and was popular in 2018, is currently being distributed.
[Figure 1] CryptoWire GitHub
CryptoWire ransomware is mainly distributed through phishing emails and is characterized by being created with AutoIt script.…
AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of an infostealer disguised as the Adobe Reader installer. The threat actor is distributing the file as PDF, prompting users to download and run the file.
As shown in Figure 1, the fake PDF file is written in Portuguese, and the message tells users to download Adobe Reader and install it.…
An MSIX malware disguised as the Notion installer is being distributed. The distribution website looks similar to that of the actual Notion homepage.
The user gets a file named ‘Notion-x86.msix’ upon clicking the download button. This file is a Windows app installer, and it is signed with a valid certificate.…
AhnLab SEcurity intelligence Center (ASEC) has found numerous cases of threat actors attacking vulnerable Korean servers. This post introduces one of the recent cases in which the threat actor ‘z0Miner’ attacked Korean WebLogic servers.
z0Miner was first introduced by Tencent Security, a Chinese Internet service provider.…
AhnLab Security intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. Said malware supports both the PE format that targets the Windows system and the ELF format that targets the Linux system. As the threat actor used the string ‘WingOfGod’ during the development of the malware, it is classified as WogRAT.…
We are connected to the digital world that provides us with numerous utilities and entertainment, but sometimes it presents us with undesirable encounters. Online frauds and scams are examples of such encounters. Online scams are not simply at the level of disrupting individuals’ daily lives like mass-marketed commercial spam emails.…