- AhnLab Security Intelligence Center (ASEC) has previously introduced cases where AsyncRAT was distributed through various file extensions (.chm, .wsf, .lnk) to hide malicious code. Attackers have been observed using legitimate document files with “survey” content as bait files to conceal malicious code.
- Recently, cases have been identified where malicious code is disguised as e-books for distribution.
- The compressed file disguised as an e-book contains a malicious LNK file disguised as a compressed file icon, a text file containing a malicious PowerShell script, additional compressed files disguised as video extensions, and legitimate e-book files.
- The post “전자책으로 위장하여 유포되는 AsyncRAT” provides an overview of the distribution of AsyncRAT disguised as e-books.
https://asec.ahnlab.com/ko/67571/
No tags for this post.