Private HTS Program Continuously Used in Attacks
July 17, 2024, 2:35 p.m.
Description
This report outlines a continuous campaign in which a threat actor distributes malware, including Quasar RAT, through a private home trading system (HTS) named HPlus. The malware is initially delivered via an MSI installer, and users who request remote assistance inadvertently execute the AnyDesk software. The updater program connects to an FTP server controlled by the attacker to retrieve a compressed file containing additional malware components. While users may lose investments through the scam, the threat actor can now gain control of infected systems and steal data. The report emphasizes the importance of using official HTS from reputable institutions and keeping software up to date.
Date
Published: July 17, 2024, 2:19 p.m.
Created: July 17, 2024, 2:19 p.m.
Modified: July 17, 2024, 2:35 p.m.
Attack Patterns
Quasar RAT
T1022
T1574
T1105
T1569
T1219
T1036
T1204
T1027
T1072
T1059
Additional Information
Finance
Korea, Republic of