1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • An ancient Microsoft Excel vulnerability is being hijacked to spr

    From TechnologyDaily@1337:1/100 to All on Thu Dec 21 16:15:05 2023
    An ancient Microsoft Excel vulnerability is being hijacked to spread malware

    Date:
    Thu, 21 Dec 2023 16:00:02 +0000

    Description:
    A six-year-old flaw is gaining traction among hackers looking to drop infostealers.

    FULL STORY ======================================================================

    Hackers have been observed targeting users running outdated Office programs, with the goal of delivering an infostealing malware called Agent Tesla.

    This is according to cybersecurity researchers Zscaler ThreatLabs, who recently detailed a phishing campaign that distributes an Excel document. If the victim is using an older version of Excel, the document can abuse a
    memory corruption vulnerability in the Equation Editor, tracked as CVE-2017-11882.

    That allows it to execute code with user privileges but without further user interaction or consent.

    "Once a user downloads a malicious attachment and opens it, if their version of Microsoft Excel is vulnerable, the Excel file initiates communication with a malicious destination and proceeds to download additional files without requiring any further user interaction," said security researcher Kaivalya Khursale.

    The infection is a multi-step process, with the first step being an
    obfuscated Visual Basic Script. It downloads a malicious JPG file carrying a Base64-encoded DLL file. That file is later injected into the Windows
    Assembly Registration Tool (RegAsm.exe), which launches the final payload - Agent Tesla. Advanced keylogger

    In its writeup, TheHackerNews describes Agent Tesla as an "advanced keylogger and remote access trojan (RAT)" capable of harvesting sensitive information. After gathering the required intel, Agent Tesla can communicate with its remote C2 server and extract the data quietly.

    "Threat actors constantly adapt infection methods, making it imperative for organizations to stay updated on evolving cyber threats to safeguard their digital landscape," Khursale said.

    Both the infostealing malware and the Excel vulnerability seem to be
    extremely popular these days. A report from Cofense, released in late
    October, states that the most prevalent malware associated with phishing in
    Q3 was the Agent Tesla keylogger. Furthermore, the same source claims the
    most common delivery method to infect your computer with these forms of malware is the CVE-2017-11882 exploit. More from TechRadar Pro Beware, your login details are being targeted more than ever - here's what to look out for Here's a list of the best firewalls today These are the best endpoint protection services right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/an-ancient-microsoft-excel-vulnerabilit y-is-being-hijacked-to-spread-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)