Malicious LNK Disguised as Notices
AhnLab SEcurity intelligence Center (ASEC) recently discovered a malicious LNK file being distributed to Korean users for the purpose of stealing user information. This type of malware collects various valuable data for threat actors, such as data related to virtual assets, browsers, public certificates, and email files, and it also performs keylogging.
The confirmed malicious LNK file was distributed under the following file names, each disguised as a notice.
| Local Tax Bill.pdf.lnk |
| Public Disclosure of Sex Offender Information.pdf.lnk |
Table 1. Distributed file names
When the user executes the LNK file, an additional HTA file is downloaded from the threat actor’s server and executed in the temp folder. The HTA file contains a compressed file (ZIP) and a bait document (PDF). The bait document is shown below.
Figure 1. Bait document disguised as notices (i.e., Local tax bill and public disclosure of sex offender information)
The compressed file (ZIP) contains a total of …
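The two observable points in the chain described above (a shortcut named like a document, and an HTA file run from the temp folder) can be hunted for in endpoint telemetry. The following is an added detection sketch, not code from ASEC or from the malware; the event layout, field names, sample paths, the decoy-extension list and the use of `mshta.exe` (the default Windows HTA host) as the launching process are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Decoy extensions a shortcut can hide behind (assumed list; the report only shows .pdf).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".hwp", ".txt"}
# A .hta path under a temp directory, expanded or still written as %TEMP%.
HTA_IN_TEMP = re.compile(
    r'(?:%temp%|\\appdata\\local\\temp|\\windows\\temp)\\[^"\r\n]*?\.hta\b', re.I)

def is_disguised_lnk(path: str) -> bool:
    """True when the real extension is .lnk and a document extension precedes it."""
    suffixes = [s.lower() for s in PureWindowsPath(path.strip()).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] == ".lnk" and suffixes[-2] in DECOY_EXTS

def runs_hta_from_temp(command_line: str) -> bool:
    """True when a process command line references an HTA file in a temp folder."""
    return bool(HTA_IN_TEMP.search(command_line))

def triage(events):
    """Return (event index, reason) for every event matching either heuristic."""
    hits = []
    for i, ev in enumerate(events):
        if ev.get("type") == "file_create" and is_disguised_lnk(ev.get("path", "")):
            hits.append((i, "document-named shortcut"))
        elif (ev.get("type") == "process_create"
              and runs_hta_from_temp(ev.get("command_line", ""))):
            hits.append((i, "HTA executed from temp folder"))
    return hits

# Constructed sample events; field names and paths are illustrative, not from the report.
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Users\kim\Downloads\Local Tax Bill.pdf.lnk"},
    {"type": "file_create", "path": r"C:\Users\kim\Desktop\Chrome.lnk"},
    {"type": "file_create", "path": r"C:\Users\kim\Documents\invoice.v2.pdf"},
    {"type": "process_create",  # mshta.exe as launcher is an assumption
     "command_line": r'mshta.exe "C:\Users\kim\AppData\Local\Temp\sample.hta"'},
    {"type": "process_create",
     "command_line": r'mshta.exe "C:\Program Files\Vendor\setup.hta"'},
]

if __name__ == "__main__":
    for idx, reason in triage(SAMPLE_EVENTS):
        print(idx, reason)
```

Because Windows hides the `.lnk` extension in Explorer, the first heuristic keys on the full name as recorded in telemetry, not on what the user sees.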
IoC
https://nid-naveroup.servepics.com/docs/revenue.zip