AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of Revenge RAT malware that had been developed based on legitimate tools. It appears that the attackers have used tools such as ‘smtp-validator’ and ‘Email To Sms’. At the time of execution, the malware creates and runs both a legitimate tool and a malicious file, making it difficult for users to realize that a malicious activity has occurred. As shown in the code below, the threat actor creates and runs Setup.exe (malicious file) before executing smtp-verifier.exe (legitimate tool). The created file’s property changes to ‘Hidden’ and the file becomes hidden from typical Windows Explorer environments. The figure below shows the overall flow of the malicious activities that follow afterward. Many files...

What is the LODEINFO malware? Analysis of LODEINFO The infection flow Update of the Downloader Shellcode Remote Template Injection Maldoc VBA code embedded in M…