TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group)

AhnLab Security Intelligence Center (ASEC) recently discovered that malware is downloaded onto users' systems when they try to download security programs from the website of a Korean construction-related association. Login is required to use the website's services, and several security programs must be installed before a user can log in. One of the installers required for login contained malware: when the user downloads and runs it, the malware is installed alongside the legitimate security program. Two types of malware are installed in this way: a backdoor that receives the threat actor's commands from outside and executes them, and an infostealer that collects information from the infected system. Users can therefore have their credentials stolen simply by installing security programs from the official website.

Disclaimer: This article is part of X-Force OSINT Advisories’ automated collection to enable faster integration of open-source articles to client environments. All credit and copyright goes to the original authors.

Reference: https://asec.ahnlab.com/en/61934/

Sample Indicators of Compromise:

C2 URLs:
http://ar.kostin.p-e.kr/index.php
http://ai.bananat.p-e.kr/index.php
http://ai.daysol.p-e.kr/index.php

SHA-256:
87429e9223d45e0359cd1c41c030183642ea65fda0f92bbeca5f4535155125c7
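The indicators above are only useful once they are swept against what an organisation actually records. The script below is an added example, not code from the ASEC report or from X-Force: it takes the page's three C2 URLs and the SHA-256 hash, reduces the URLs to hostnames, matches them against constructed proxy log lines, and matches the hash against a constructed file inventory. The log format, file paths and all sample values other than the indicators themselves are assumptions made for the example.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators published on the page (ASEC report, relayed by the X-Force OSINT advisory).
IOC_URLS = [
    "http://ar.kostin.p-e.kr/index.php",
    "http://ai.bananat.p-e.kr/index.php",
    "http://ai.daysol.p-e.kr/index.php",
]
IOC_SHA256 = {
    "87429e9223d45e0359cd1c41c030183642ea65fda0f92bbeca5f4535155125c7",
}
# Match on the host rather than the full URL so that a different path on the same C2 still fires.
IOC_HOSTS = {urlparse(u).hostname for u in IOC_URLS}

# Constructed sample proxy log (not from the page); format assumed: "timestamp client method url status"
SAMPLE_PROXY_LOG = """\
2024-01-31T09:12:01Z 10.0.0.15 GET http://update.example.invalid/check 200
2024-01-31T09:12:07Z 10.0.0.15 POST http://ar.kostin.p-e.kr/index.php 200
2024-01-31T09:13:42Z 10.0.0.22 GET http://www.example.invalid/ 304
2024-01-31T09:14:03Z 10.0.0.15 POST http://ai.daysol.p-e.kr/index.php 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def find_c2_contacts(log_text):
    """Return (timestamp, client, host) for every request to one of the listed C2 hosts."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed format
        ts, client, _method, url, _status = m.groups()
        host = urlparse(url).hostname
        if host in IOC_HOSTS:
            hits.append((ts, client, host))
    return hits


def sha256_of_bytes(data):
    """SHA-256 hex digest of a file's contents; used here to build the sample inventory."""
    return hashlib.sha256(data).hexdigest()


def check_file_hashes(hashes_by_path):
    """Given {path: sha256 hex}, return the paths whose hash is a listed indicator (case-insensitive)."""
    return sorted(p for p, h in hashes_by_path.items() if h.lower() in IOC_SHA256)


# Constructed inventory (paths are assumptions). The second entry reuses the page's hash, in upper
# case, to show that a match is found regardless of how the hash was recorded.
SAMPLE_INVENTORY = {
    "C:/Downloads/setup_a.exe": sha256_of_bytes(b"benign installer bytes (constructed)"),
    "C:/Downloads/setup_b.exe": "87429E9223D45E0359CD1C41C030183642EA65FDA0F92BBECA5F4535155125C7",
}

if __name__ == "__main__":
    for hit in find_c2_contacts(SAMPLE_PROXY_LOG):
        print("C2 contact:", hit)
    for path in check_file_hashes(SAMPLE_INVENTORY):
        print("IOC hash match:", path)
```

In practice the two functions would be fed real proxy exports and a hash inventory from endpoint tooling; a hit from `find_c2_contacts` identifies the client that ran the trojanised installer, and a hit from `check_file_hashes` identifies the downloaded file to pull for analysis.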
