A new wave of attacks is targeting outdated computers running the Microsoft Office productivity suite, using malware designed to steal the passwords stored on the unpatched system. It's worth noting that the software giant already patched the vulnerabilities back in 2017, so the malware only affects unpatched computers.
The attacks are based on the Zyklon malware, which could also steal cryptocurrency wallet data. The attacks are aimed at three different Office vulnerabilities, two of which Microsoft has already patched, reports security company FireEye.
Microsoft says the third bug, which involves Dynamic Data Exchange (DDE) and is currently under discussion, is not actually a security vulnerability. Microsoft patched the vulnerabilities in the .NET Framework and Microsoft Equation Editor in October and November last year.
These attacks are carried out through emails that contain compromised DOC files. When you download the files and launch them, they will try to exploit the bugs and steal the passwords stored in web browsers. Furthermore, the malware could be used to harvest licenses for select software.
The Zyklon malware is targeting three industries: insurance, financial services and telecommunications.
“The malware may communicate with its command and control (C2) server over The Onion Router (Tor) network if configured to do so. The malware can download several plugins, some of which include features such as cryptocurrency mining and password recovery, from browsers and email software. Zyklon also provides a very efficient mechanism to monitor the spread and impact,” the company says.
Disclaimer: The information contained in this article is based on research by Swapnil Patil, Yogesh Londhe and the company FireEye, Inc. Windows Latest makes no claims or guarantees about the accuracy or completeness of the information contained in this article or linked pages (websites).