Free Phone Consultation For New Clients | CONTACT NOW

Malware Being Distributed by Disguising Itself as Icon of Ahnlab V3 Lite

AhnLab’s anti-malware team has discovered two new types of malware, including AveMaria RAT and AgentTesla, that are being distributed in the .NET packer form disguising themselves as Ahnlab V3 Lite.

The first variant of this malware, "RAT.AveMarya", is a remote access Trojan that can be used to access the compromised system and launch further attacks on other systems in the network.

The second variant, AgentTesla, is a bot that generates reports of threat levels in the network and sends them to an attacker’s server. It also has the ability to automatically perform actions on behalf of its creator.

The AveMaria RAT was distributed as part of a .NET package disguised as Ahnlab V3 Lite software originally created by AhnLab for analysis purposes. The analysis client was distributed with a fake version number "V3-lite-Lite-1.

The AveMaria RAT author has also changed the original Ahnlab V3 Lite configuration file, which is still available on their website, to give it more capabilities and hide it from antivirus detection.

The malware, AgentTesla, is a bot that generates reports of threat levels in the network and sends them to an attacker’s server. It also has the ability to automatically perform actions on behalf of its creator.

Source: Malware Being Distributed by Disguising Itself as Icon of Ahnlab V3 Lite - AlienVault - Open Threat Exchange

Need secure managed IT services in the Greenville, SC, area?