The ASEC analysis team recently discovered malware strains that install proxyware without the user’s permission. Attackers profit by stealing the network bandwidth of systems infected with the malware. This method of earning profit from an infected system’s resources is similar to that of CoinMiner. This type of malware has been continuously in circulation for a while.
ATT&CK IDs: T1543 - Create or Modify System Process, T1443 - Remotely Install Application, T1539 - Steal Web Session Cookie, T1528 - Steal Application Access Token, T1073 - DLL Side-Loading, T1007 - System Service Discovery