
AhnLab said on the 26th that it had recently discovered numerous sophisticated phishing emails that distribute information-stealing malware (infostealers) under the guise of a 'notification of legal violation,' and urged users to be cautious.

In a case disclosed by AhnLab, the attacker impersonated a domestic law firm and sent an email stating, 'As a legal representative of a corporation that is the copyright owner, I am notifying you of your copyright infringement.'

The attacker embedded a URL in the text 'document collected from the police.pdf' so that the link looked like an attachment, and prompted users to click it by stating, 'I am attaching evidence of the infringement.' They also added that 'the material will be used as evidence in disputes and legal proceedings' to exert psychological pressure on the recipient.

Clicking the disguised text downloads a compressed file (.zip) that contains an executable file (.exe) and dynamic link library (DLL) files. The '.pdf' extension was inserted into the executable's file name to make it difficult for users to recognize the actual extension, '.exe.'

When the user runs the executable, a malicious DLL file located in the same directory executes alongside it, activating the information-stealing malware. This type of malware transmits various information from the infected PC, such as account information, financial details, keyboard inputs, and screen captures, to the attacker's server.
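A triage check for the archive layout described above, as an added example that is not AhnLab's code: it lists a ZIP's entries without extracting them and flags any executable whose name hides a document extension, together with DLLs in the same directory. The extension sets beyond '.pdf' and '.exe', the function names, and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension sets; the article itself only mentions '.pdf' and '.exe'.
EXEC_EXTS = {".exe", ".scr", ".com"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".hwp"}


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per executable whose name hides a document extension."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [PurePosixPath(i.filename) for i in zf.infolist() if not i.is_dir()]
    findings = []
    for path in names:
        # strip() also catches names padded with spaces before the real extension
        suffixes = [s.lower().strip() for s in path.suffixes]
        if not suffixes or suffixes[-1] not in EXEC_EXTS:
            continue
        decoys = [s for s in suffixes[:-1] if s in DECOY_EXTS]
        if not decoys:
            continue  # ordinary executable name, nothing disguised
        # DLLs beside the executable are what it would load when it is run
        dlls = sorted(str(p) for p in names
                      if p.parent == path.parent and p.suffix.lower() == ".dll")
        findings.append({"file": str(path), "shown_as": decoys[-1],
                         "real_ext": suffixes[-1], "sibling_dlls": dlls})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: placeholder bytes only, file names are hypothetical."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("evidence/infringement_evidence.pdf.exe", b"placeholder")
        zf.writestr("evidence/helper.dll", b"placeholder")
        zf.writestr("evidence/readme.txt", b"placeholder")
        zf.writestr("tools/setup.exe", b"placeholder")  # plain .exe, not disguised
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

A finding with a non-empty `sibling_dlls` list matches the executable-plus-DLL layout the article describes and is a reasonable trigger for quarantining the download before anyone opens it.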

To prevent damage from phishing emails, it is important to follow basic security rules such as: ▲ not opening attachments or URLs in emails from unclear sources ▲ comparing the URL with the official site addresses of companies and services before accessing it ▲ applying the latest security patches to PCs, operating systems (OS), software, and internet browsers ▲ running antivirus real-time monitoring functions ▲ setting different passwords for each account.

Lee Ga-young, a senior researcher at AhnLab's analysis team, noted, 'Phishing emails using themes that can cause users to feel anxiety or psychological agitation are consistently being circulated,' and added, 'When receiving emails, make sure to double-check the sender's information and content, and if anything seems suspicious, refrain from clicking on attachments and URLs.'
