This report highlights the prevalence of phishing attacks in November 2025, emphasizing the use of HTML scripts and hyperlinking techniques to steal user credentials. It also discusses the distribution of phishing emails in Korean and analyzes malware cases involving XLoader and compressed EXE files. #PhishingEmails #XLoader #FakePage #C2Server
Key points
- Phishing emails accounted for 78% of email threats in November 2025, mainly mimicking login pages.
- Threat actors used scripts and hyperlinks embedded in PDFs to redirect users to fake websites.
- The report analyzes phishing emails distributed in Korean, highlighting commonly used keywords.
- Malware such as XLoader was distributed via document attachments and used C2 servers to download additional malware.
- EXE files compressed into .rar archives are increasingly used to evade detection and distribute malware.
Read More: https://asec.ahnlab.com/en/91596/