Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Private HTS Program Continuously Used in Attacks

July 17, 2024, 2:35 p.m.

Description

This report outlines a continuous campaign where a threat actor distributes malware, including Quasar RAT, through a private home trading system (HTS) named HPlus. The malware is initially delivered via an MSI installer, and users who request remote assistance inadvertently execute the AnyDesk software. The updater program connects to an FTP server controlled by the attacker to retrieve a compressed file containing additional malware components. While users may lose investments through the scam, the threat actor can now gain control of infected systems and steal data. The report emphasizes the importance of using official HTS from reputable institutions and keeping software up-to-date.

Date

Published: July 17, 2024, 2:19 p.m.

Created: July 17, 2024, 2:19 p.m.

Modified: July 17, 2024, 2:35 p.m.

Indicators

103.136.199.131

Attack Patterns

Quasar RAT

T1022

T1574

T1105

T1569

T1219

T1036

T1204

T1027

T1072

T1059

Additional Informations

Finance

Korea, Republic of