• Watch out - hackers are hiding malicious Microsoft Word files in

    From TechnologyDaily@1337:1/100 to All on Tue Aug 29 15:30:04 2023
    Watch out - hackers are hiding malicious Microsoft Word files in PDFs

    Date:
    Tue, 29 Aug 2023 15:15:14 +0000

    Description:
    Threat actors are abusing polyglots to deliver malware, Japanese researchers warn.

    FULL STORY ======================================================================

    Hackers are using polyglots to try and get their targets to install malware
    on their devices, experts have warned.

    Research from the Japanese computer emergency response team (JPCERT) has revealed that hackers are distributing a file that can be either a .PDF file or a .DOCX file.

    Polyglots are file types that feature two different formats, and as such, carry two different extensions.

    Running macros

    The file in question, a .PDF document, hosts a Word document that carries a VBS macro. If the victim opens the file with Microsoft Word, the file will download and install MSI malware. The silver lining here is that macros are still disabled by default in Microsoft Office programs. That means that even if the victim downloads and runs the malicious file, they still need to manually disable these protections and unblock the file in order to have the macro download the malware and infect the endpoint.

    The Japanese researchers did not say who was behind the campaign, or which malware was being distributed. They did say that the attack was first
    detected in July this year, and that it managed to successfully bypass antivirus detection in at least one instance. This is probably because most scanning engines see the file as a .PDF, despite it being opened as a regular Word document, the researchers speculate.

    The abuse of polyglot files to work around antivirus programs is nothing new and has been well documented before, BleepingComputer reminds, but adds that the researchers see this specific technique as novel.
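
    A triage check for the gap described above, where a scanner classifies the file by its PDF header and never looks for Word-readable content. This is an added example, not code from JPCERT, BleepingComputer or the article; the marker set and the names triage, BENIGN_PDF and POLYGLOT_LIKE are assumptions, since the article does not say how the Word document is embedded.

```python
PDF_MAGIC = b"%PDF-"
# Byte patterns that indicate Word-readable content (assumed marker set).
OFFICE_MARKERS = {
    "ole2_compound_file": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    "ooxml_word_part": b"word/document.xml",
    "mhtml_mime_header": b"MIME-Version:",
    "vba_project": b"vbaProject.bin",
}


def triage(data: bytes) -> dict:
    """Report what a magic-byte scan sees and which Office content it would miss."""
    # PDF readers commonly accept the header anywhere in the first 1024 bytes.
    is_pdf = PDF_MAGIC in data[:1024]
    # Offset of the first occurrence of each Office marker found in the buffer.
    hits = {name: data.find(pat) for name, pat in OFFICE_MARKERS.items() if pat in data}
    # Non-whitespace bytes after the last %%EOF are a second hint of appended content.
    eof = data.rfind(b"%%EOF")
    trailing = len(data[eof + 5:].strip()) if eof != -1 else 0
    return {
        "seen_as": "pdf" if is_pdf else "other",
        "office_markers": hits,
        "bytes_after_eof": trailing,
        "suspect_polyglot": is_pdf and bool(hits),
    }


# Constructed samples: inert byte strings, not real documents.
BENIGN_PDF = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
POLYGLOT_LIKE = (
    b"%PDF-1.7\n1 0 obj\n<< /Length 0 >>\nstream\n"
    b"MIME-Version: 1.0\nContent-Type: multipart/related\n"
    b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_PDF), ("polyglot-like", POLYGLOT_LIKE)):
        print(name, triage(sample))
```

    A hit is a reason to route the file to an Office-aware scanner, not a verdict: PDFs with legitimate uncompressed attachments can match, and markers inside compressed streams will not.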

    Last year, Microsoft finally decided to block macros from running by default
    within Office files, due to the overwhelming abuse of the feature by various threat actors. Instead, only files that weren't downloaded from the wider internet can have macros enabled without needing to go through multiple activation steps.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/watch-out-hackers-are-hiding-malicious-word-files-in-pdfs


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)