Cases of damage have been reported in South Korea when users book movie tickets with a credit card or use online banking.
Because this can cause financial damage, general users must be careful when performing finance-related tasks.
2. Spreading path and symptoms of infection
It can be downloaded from an e-mail attachment or by clicking a link in a messenger or on SNS.
In addition, we found that this malicious file is loaded in the list of running processes on the victim's PC.
In this figure, we can see that "noloadf5A.dll" is injected into the normal process "rundll32.exe". This DLL file remains as a hidden file in the following path. Furthermore, the infected PC can register the following registry value.
Two types of attempted cases have been found recently, and various other cases can appear.
A. Attempted case when signing in to an online banking site
The following figure can appear while signing in to a domestic online banking site on an infected PC.
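One way to check a PC for the symptom described above is to list the modules loaded into every "rundll32.exe" and flag any whose file is hidden or carries the name from this report. This is an added example, not code from the original advisory; only the DLL name comes from the page, and using the hidden attribute and signature status as triage signals is an assumption.

```powershell
# Added example: triage DLLs loaded into rundll32.exe (run from an elevated prompt).
# $KnownBadName is the file name given in the advisory; the other checks are
# generic triage signals assumed for this example.
$KnownBadName = 'noloadf5A.dll'

function Get-Rundll32ModuleFindings {
    foreach ($proc in Get-Process -Name rundll32 -ErrorAction SilentlyContinue) {
        try   { $modules = $proc.Modules }
        catch {
            Write-Warning "PID $($proc.Id): cannot read modules ($($_.Exception.Message))"
            continue
        }

        foreach ($mod in $modules) {
            if (-not $mod.FileName) { continue }

            # -Force is required, otherwise Get-Item skips hidden files.
            $file = Get-Item -LiteralPath $mod.FileName -Force -ErrorAction SilentlyContinue
            if (-not $file) { continue }

            $isHidden  = [bool]($file.Attributes -band [IO.FileAttributes]::Hidden)
            $nameMatch = $file.Name -ieq $KnownBadName
            if (-not ($isHidden -or $nameMatch)) { continue }

            # Signature status and hash are collected only for flagged modules.
            $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
            [pscustomobject]@{
                PID       = $proc.Id
                Module    = $file.FullName
                Hidden    = $isHidden
                NameMatch = $nameMatch
                Signature = $sig.Status
                SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

Get-Rundll32ModuleFindings | Format-Table -AutoSize
```

A 64-bit Windows PowerShell host may not list the modules of a 32-bit "rundll32.exe", so run the check from the 32-bit host as well. An empty result means no loaded module matched either signal at the time of the check.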
B. Attempted case on an online movie ticketing site
Another case appears when reserving tickets on an online movie ticketing site. If you input information for the ticket,
this Mastercard secure code input form will appear.
This page is a fake page and requests the user's card information.
Note that this pop-up appears when a card for international use is used.
3. How to prevent
To keep a PC safe from the security threats posed by these malicious attachments, we recommend the following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment functions in nProtect Anti-Virus/Spyware for detecting malicious files such as the one stated above, and runs a response system against various security threats.