Private HTS Program Continuously Used in Attacks

July 17, 2024, 2:35 p.m.

Description

This report outlines a continuous campaign in which a threat actor distributes malware, including Quasar RAT, through a private home trading system (HTS) named HPlus. The malware is initially delivered via an MSI installer, and users who request remote assistance inadvertently execute the AnyDesk software. The updater program connects to an FTP server controlled by the attacker to retrieve a compressed file containing additional malware components. While users may lose investments through the scam, the threat actor can now gain control of infected systems and steal data. The report emphasizes the importance of using official HTS from reputable institutions and keeping software up to date.

Date

Published: July 17, 2024, 2:19 p.m.
Created: July 17, 2024, 2:19 p.m.
Modified: July 17, 2024, 2:35 p.m.

Attack Patterns

Quasar RAT

T1022

T1574

T1105

T1569

T1219

T1036

T1204

T1027

T1072

T1059

Additional Information

Finance

Korea, Republic of