Account Credential-Stealing Malware Detected by AhnLab MDS (Web Browsers, Email, FTP)

2024-02-01, Ahnlab
https://asec.ahnlab.com/en/61082/
#Kimsuky #Andariel

For convenience, users frequently use the automatic login feature provided by programs like web browsers, email clients, and FTP clients. With this feature enabled, the programs store user account credentials in their settings data. Convenient as it is, this poses a security risk, because threat actors are then able to leak the users’ account credentials easily.
If malware or threat actors gain control of an infected system, they can employ various tools to extract users’ account credentials. There are also Infostealers designed for the sole purpose of stealing account credentials. If the malware is already known, anti-malware software installed on the endpoint can effectively respond to it. However, in order to handle unknown malware, AhnLab Malware Defense System (MDS) is necessary.
AhnLab MDS is a sandbox-based file analysis solution that executes files in a virtual environment to analyze their behavior. Since even new files exhibit known malicious behaviors, AhnLab MDS can …