1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • OpenDocument malware scams target hotels across the world

    From TechnologyDaily@1337:1/100 to All on Mon Jul 18 18:30:04 2022
    OpenDocument malware scams target hotels across the world

    Date:
    Mon, 18 Jul 2022 17:15:33 +0000

    Description:
    Newly discovered phishing campaign is particularly stealthy, as OpenDocument malware has zero detections so far.

    FULL STORY ======================================================================

    Security experts have recently discovered hackers on a particularly stealthy mission to compromise hotels in Latin America using OpenDocument text files.

    The unknown hackers are using a rarely seen phishing method that seems to be working out well so far, with the detection rate on VirusTotal for the malicious files being used was zero less than two weeks ago.

    The campaign itself has also raised a number of questions due to some unique features and traits that set it apart from others. Macro trouble

    Cybersecurity researchers from HP Wolf Security said that in late June 2022, they spotted a phishing campaign that distributed OpenDocument text files. OpenDocument is an open, vendor-neutral file format, recognized by the majority of productivity programs, such as Word, LibreOffice Writer, or
    Apache OpenOffice Writer as one of the most popular Microsoft Office alternatives .

    These files were being distributed, via email , to hotels in Latin America, and were presented as guest registration documents.

    Should the victim download and run the file, theyd be prompted to update fields with references to other files. The researchers describe the prompt as a cryptic message, and say that if the victim confirms, an Exel file opens.

    The Excel file will later ask the user to enable macros, and thats where the real trouble starts, as allowing macros triggers the infection chain. As a result, the victim gets AsyncRAT installed - a remote access trojan malware . AsyncRAT is described as a RAT that allows threat actors remote monitoring
    and control over infected endpoints , through a secure, encrypted connection.

    This campaign is particularly stealthy, as analysis of the OpenDocument shows no hidden macros, the researchers are saying. But the document does reference Object Linking and Embedding (OLE) objects, hosted remotely. Read more

    Hackers are weaponizing Excel documents to infiltrate corporate networks


    Fake court summons used to spread phishing malware


    Stay safe from malware in your inbox with the best antivirus programs
    around

    The document was found referencing almost two dozen other documents which, when downloaded and opened, contain embedded Excel spreadsheets, each of
    which requests running macros.

    The researchers seem to be a bit baffled by this approach, as the purpose of so many duplicate files remains unclear.

    Documents that arrive from outside an organization should always be treated with suspicion, especially if they try to load external content from the web but in practice, this isnt always straightforward advice to follow,
    especially in industries that rely on exchanging electronic documents between suppliers and clients, concluded HP Wolf Security. Check out our list of the best firewalls around



    ======================================================================
    Link to news story: https://www.techradar.com/news/opendocument-malware-scams-target-hotels-across -the-world/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)