An ancient Microsoft Excel vulnerability is being hijacked to spread malware - world News Update

Petya nagscreen
(Image credit: Wikipedia)

Hackers have been observed targeting users running outdated Office programs, with the goal of delivering an infostealing malware called Agent Tesla.

This is according to cybersecurity researchers at Zscaler ThreatLabz, who recently detailed a phishing campaign that distributes an Excel document. If the victim is using an older version of Excel, the document can abuse a memory corruption vulnerability in the Equation Editor (EQNEDT32.EXE), tracked as CVE-2017-11882. Microsoft fixed the flaw in November 2017 and removed the Equation Editor component from Office entirely in its January 2018 updates, so only installations that have missed years of patches are exposed.

That allows the attacker to execute code with the privileges of the logged-in user, without any further user interaction or consent.

"Once a user downloads a malicious attachment and opens it, if their version of Microsoft Excel is vulnerable, the Excel file initiates communication with a malicious destination and proceeds to download additional files without requiring any further user interaction," said security researcher Kaivalya Khursale.

The infection is a multi-step process, with the first step being an obfuscated Visual Basic Script. It downloads a malicious JPG file carrying a Base64-encoded DLL. That DLL is later injected into the Windows Assembly Registration Tool (RegAsm.exe), a legitimate signed .NET binary that then runs the final payload - Agent Tesla.
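Hiding a Base64-encoded DLL inside an image file is a simple trick, and it is just as simple to detect once you know to look. The following is an added example written for this page, not code from Zscaler or from the campaign: it scans an image for long runs of Base64 alphabet, decodes each one, and checks whether the result carries a sane MZ/PE header with the DLL flag set in the COFF Characteristics field. The JPEG container and the "DLL" it carries are constructed here (the DLL is only a DOS header, PE signature and COFF header, not a real executable); nothing in the block reproduces the actual payload.

```python
import base64
import binascii
import re
import struct

# Added example (not Zscaler's code): carve a Base64-encoded PE image out of an image file,
# the "JPG carrying a Base64-encoded DLL" trick described in this article.
IMAGE_FILE_DLL = 0x2000
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002

# A run of Base64 alphabet long enough to hold at least a DOS header (64 bytes -> 88 chars).
_B64_RUN = re.compile(rb"[A-Za-z0-9+/]{88,}={0,2}")


def parse_pe(blob):
    """Return the COFF Characteristics if blob starts with a sane MZ/PE header, else None."""
    if len(blob) < 64 or blob[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # The COFF header follows the 4-byte signature; Characteristics is its last field (offset 18).
    return struct.unpack_from("<H", blob, e_lfanew + 4 + 18)[0]


def carve_base64_pe(data):
    """Return [{'offset', 'payload', 'is_dll'}] for every Base64 run that decodes to a PE image."""
    found = []
    for m in _B64_RUN.finditer(data):
        run = m.group(0)
        # Image bytes adjacent to the payload may themselves be Base64 alphabet, so try
        # the four possible phase offsets and the longest 4-aligned prefix of each.
        for start in range(4):
            chunk = run[start:]
            chunk = chunk[: len(chunk) - len(chunk) % 4]
            try:
                blob = base64.b64decode(chunk, validate=True)
            except binascii.Error:
                continue
            characteristics = parse_pe(blob)
            if characteristics is not None:
                found.append({"offset": m.start() + start, "payload": blob,
                              "is_dll": bool(characteristics & IMAGE_FILE_DLL)})
                break
    return found


def build_fake_dll():
    """Constructed stand-in for the dropped DLL: DOS header + PE signature + COFF header only."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0,
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL)
    return bytes(dos) + b"PE\0\0" + coff


def build_sample_image():
    """Constructed JPEG-like container: SOI/APP0 marker, filler, the Base64 payload, EOI."""
    header = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00" + b"\x00" * 32
    return header + base64.b64encode(build_fake_dll()) + b"\x00" * 8 + b"\xff\xd9"


if __name__ == "__main__":
    for hit in carve_base64_pe(build_sample_image()):
        kind = "DLL" if hit["is_dll"] else "EXE"
        print(f"{kind} of {len(hit['payload'])} bytes at offset {hit['offset']}")
```

The same scan works on any file an attacker might use as a carrier, not just JPGs; the point of the PE header check is that plain "find Base64" heuristics produce too much noise, whereas a decoded blob with a valid `e_lfanew` pointing at a `PE\0\0` signature is almost never benign inside an image.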

Advanced keylogger

In its writeup, TheHackerNews describes Agent Tesla as an "advanced keylogger and remote access trojan (RAT)" capable of harvesting sensitive information. After gathering the data it is after, Agent Tesla communicates with its remote C2 server and exfiltrates the information quietly.

"Threat actors constantly adapt infection methods, making it imperative for organizations to stay updated on evolving cyber threats to safeguard their digital landscape," Khursale said.

Both the infostealing malware and the Excel vulnerability appear to be highly popular these days. A report from Cofense, released in late October, states that the most prevalent malware associated with phishing in Q3 was the Agent Tesla keylogger. Furthermore, the same source claims the most common delivery method for these forms of malware is the CVE-2017-11882 exploit.
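Given that prevalence, patching is the fix but telemetry is the safety net. The following is an added example, not Zscaler's or Cofense's detection content: three heuristics for the chain described in this article (Equation Editor launching a child process, RegAsm.exe started by a script host, RegAsm.exe started with no assembly to register), run over constructed Sysmon Event ID 1 style records. The field names follow Sysmon's process-creation event; the paths, the `update.vbs` file name and the benign Visual Studio event are illustrative and not taken from the campaign.

```python
import json
import ntpath

# Added example (not Zscaler's or TechRadar's code): heuristics for the chain described in this
# article, run over constructed Sysmon Event ID 1 style records.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe", "mshta.exe"}
EQUATION_EDITOR = "eqnedt32.exe"   # Equation Editor 3.0 binary affected by CVE-2017-11882
INJECTION_TARGET = "regasm.exe"    # .NET Assembly Registration Tool used as the host process


def _image_name(path):
    """Lower-cased file name of a Windows path; ntpath handles backslashes on any OS."""
    return ntpath.basename(path or "").lower()


def _has_arguments(cmdline):
    """True if anything follows the (possibly quoted) executable in a command line."""
    s = (cmdline or "").strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        rest = s[end + 1:] if end != -1 else ""
    else:
        rest = s.partition(" ")[2]
    return bool(rest.strip())


def evaluate(event):
    """Return the names of the heuristics one process-creation event triggers."""
    hits = []
    image = _image_name(event.get("Image"))
    parent = _image_name(event.get("ParentImage"))
    # The Equation Editor has no business launching anything; a child process is the
    # strongest sign that its handling of the equation object was hijacked.
    if parent == EQUATION_EDITOR:
        hits.append("equation_editor_spawned_child")
    if image == INJECTION_TARGET:
        # RegAsm.exe started by a script host, or with no assembly to register, fits an
        # injected host process rather than a legitimate build or install step.
        if parent in SCRIPT_HOSTS:
            hits.append("regasm_launched_by_script_host")
        if not _has_arguments(event.get("CommandLine")):
            hits.append("regasm_without_assembly_argument")
    return hits


def scan(lines):
    """Evaluate newline-delimited JSON events; return [(line_index, [rule, ...]), ...]."""
    findings = []
    for i, line in enumerate(lines):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the scan
        rules = evaluate(event)
        if rules:
            findings.append((i, rules))
    return findings


# Constructed sample telemetry (paths and file names are illustrative, not from the campaign).
_OFFICE = r"C:\Program Files\Microsoft Office\Office16"
_EQN = r"C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"
_REGASM = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"Image": _OFFICE + r"\EXCEL.EXE", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{_OFFICE}\\EXCEL.EXE" /dde'},
    {"Image": _EQN, "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": f'"{_EQN}" -Embedding'},
    {"Image": r"C:\Windows\System32\wscript.exe", "ParentImage": _EQN,
     "CommandLine": r"wscript.exe C:\Users\victim\AppData\Local\Temp\update.vbs"},
    {"Image": _REGASM, "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": f'"{_REGASM}"'},
    {"Image": _REGASM, "ParentImage": r"C:\Program Files\Microsoft Visual Studio\devenv.exe",
     "CommandLine": r"RegAsm.exe /codebase C:\build\MyComLib.dll"},
]]

if __name__ == "__main__":
    for index, rules in scan(SAMPLE_EVENTS):
        print(f"event {index}: {', '.join(rules)}")
```

The second and third heuristics will fire on some legitimate developer activity, so treat them as enrichment for the first one; an EQNEDT32.EXE child process on a host that is not supposed to have the Equation Editor installed at all is the alert worth paging on.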


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for many media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications.