- AhnLab Security Intelligence Center (ASEC) has confirmed that CHM malware that steals user information is being distributed to domestic users.
- The CHM being distributed belongs to a type of malware that has been consistently distributed in various formats such as LNK, DOC, and OneNote, and some changes in its behavior have recently been observed.
- The overall execution process is shown in [Figure 1]. The malware sends user information and keylog data to the attacker through multiple scripts, and each stage of execution is introduced below.
- When the CHM is executed, it creates the help window shown in [Figure 2], which appears to use the same phrases as in the past.
https://asec.ahnlab.com/ko/64612/