Another dangerous malware strain is hijacking Microsoft Word documents
Date:
Wed, 08 Jun 2022 13:50:25 +0000
Description:
SVCReady was found exfiltrating system info and installed software intel.
FULL STORY ======================================================================
Cybersecurity researchers from HP Wolf Security have discovered a new malware strain being distributed via weaponized Microsoft Word files.
The malware, dubbed SVCReady, allows threat actors to exfiltrate system information such as device firmware and software installed on the endpoint, the report says. It is being deployed in unison with another virus, a relatively popular strain called RedLine Stealer. This one is used to steal things like passwords, stored payment data, browsing history, and the like.
The threat actor deploys the malware through weaponized Microsoft Word documents, using shellcode stored within the properties of the document. This is a deviation from the more standard practice, in which threat actors would usually use PowerShell or MSHTA.
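For defenders, the property-storage technique described above suggests a triage check on inbound documents. The following is an added example, not code from the HP Wolf Security report or this article: it assumes an OOXML (.docx/.docm) container, so legacy OLE .doc files are not covered, and the thresholds, function names and sample document are hypothetical.

```python
import io, math, re, zipfile
import xml.etree.ElementTree as ET
from collections import Counter

PARTS = ("docProps/core.xml", "docProps/app.xml", "docProps/custom.xml")
MAX_LEN, MIN_ENTROPY = 512, 4.5   # assumed thresholds, tune on your own corpus
BLOB = re.compile(r"(?:[0-9A-Fa-f]{2}){64,}|[A-Za-z0-9+/]{128,}={0,2}")

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def scan_properties(data):
    """Return (part, property, reason) for each suspicious property value."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for part in PARTS:
            if part not in z.namelist():
                continue
            # Use a hardened XML parser for untrusted files in production.
            for el in ET.fromstring(z.read(part)):
                name = el.get("name") or el.tag.rsplit("}", 1)[-1]
                value = "".join(el.itertext()).strip()
                if BLOB.fullmatch(value):
                    findings.append((part, name, "hex/base64 blob"))
                elif len(value) > MAX_LEN and entropy(value) >= MIN_ENTROPY:
                    findings.append((part, name, "long high-entropy value"))
    return findings

def build_sample(custom_value):
    """Constructed OOXML container with one core and one custom property."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
            'package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/">'
            '<dc:title>Quarterly report</dc:title></cp:coreProperties>')
    custom = ('<Properties xmlns="http://schemas.openxmlformats.org/'
              'officeDocument/2006/custom-properties" xmlns:vt="http://schemas.'
              'openxmlformats.org/officeDocument/2006/docPropsVTypes">'
              '<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="2" '
              f'name="cfg"><vt:lpwstr>{custom_value}</vt:lpwstr></property>'
              '</Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/custom.xml", custom)
    return buf.getvalue()

if __name__ == "__main__":
    placeholder = bytes(range(256)).hex()   # constructed filler, not real code
    print(scan_properties(build_sample(placeholder)))
    print(scan_properties(build_sample("draft v2")))
```

A hit is a reason to route the file for deeper analysis, not a verdict: ordinary properties such as titles and author names are short, human-readable strings, so long encoded values stand out.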
While the strain is still in its infancy, and clearly a work in progress, it has great potential to become more than a nuisance, the researchers said.
Work in progress
The malware isn't as potent as it can be. Still, with threat actors hard at work, there's no room for complacency, argues Patrick Schläpfer, Malware Analyst at HP Wolf Security.
A few things in the malware are broken, Schläpfer says. SVCReady is clearly under development, and the malicious actors have been adding encryption to the network communication format in recent weeks. As the malware is refined there is potential for it to become a bigger problem in the future. We have seen a few similarities in file naming conventions and lure imagery which appear to be linked to those used by the financially motivated threat group TA551.
Last we heard of TA551, the group was hijacking email threads to distribute malware loaders. Cybersecurity experts from Intezer found the group abusing known vulnerabilities in unpatched and compromised Microsoft Exchange servers to steal login credentials, moving into people's inboxes, and replying on long email chains with links to IcedID, a modular banking trojan.
======================================================================
Link to news story:
https://www.techradar.com/news/another-dangerous-malware-strain-is-hijacking-microsoft-word-documents/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)