Hackers have been observed targeting users running outdated Office programs, with the goal of delivering an infostealing malware called Agent Tesla.
This is according to cybersecurity researchers at Zscaler ThreatLabs, who recently detailed a phishing campaign that distributes an Excel document. If the victim is using an older version of Excel, the document can abuse a memory corruption vulnerability in the Equation Editor, tracked as CVE-2017-11882.
That allows it to execute code with user privileges but without further user interaction or consent.
"Once a user downloads a malicious attachment and opens it, if their version of Microsoft Excel is vulnerable, the Excel file initiates communication with a malicious destination and proceeds to download additional files without requiring any further user interaction," said security researcher Kaivalya Khursale.
The infection is a multi-step process, with the first step being an obfuscated Visual Basic Script. It downloads a malicious JPG file carrying a Base64-encoded DLL file. That file is later injected into the Windows Assembly Registration Tool (RegAsm.exe), which launches the final payload - Agent Tesla.
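The chain described above gives defenders two concrete things to look for: the process lineage (an Office application spawning the Equation Editor, which then spawns a script host, which in turn launches RegAsm.exe), and a carrier image that smuggles a Base64-encoded DLL. The Python script below is an added example written for this page; it is not code from the article, from Zscaler ThreatLabs or from TechRadar. It runs both checks over constructed sample data: a lineage check over made-up process-creation events, and a scanner that finds Base64 runs inside a file that decode to a PE image (an `MZ` header whose `e_lfanew` field points at a `PE\0\0` signature). The binary name EQNEDT32.EXE (the Equation Editor component affected by CVE-2017-11882) and the RegAsm.exe location are real; the event records, the fake DLL header and the fake JPEG bytes are constructed for the demonstration.

```python
import base64
import binascii
import re

# --- Check 1: process lineage ------------------------------------------------
# Equation Editor (EQNEDT32.EXE) is a legitimate child of an Office app, but it
# should never spawn a script host, and a script host should not be launching the
# .NET Assembly Registration Tool (RegAsm.exe) on a user workstation.
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE"},
    {"pid": 101, "ppid": 100, "image": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"},
    {"pid": 102, "ppid": 101, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 103, "ppid": 102, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"},
    {"pid": 200, "ppid": 1,   "image": r"C:\Windows\explorer.exe"},
    {"pid": 201, "ppid": 200, "image": r"C:\Windows\System32\notepad.exe"},
]


def _base(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_suspicious_lineage(events):
    """Return (parent, child, child_pid) for each parent/child pair matching the chain."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue
        p, c = _base(parent["image"]), _base(e["image"])
        office_to_eqn = p in OFFICE_APPS and c == "eqnedt32.exe"   # low severity on its own
        eqn_spawns = p == "eqnedt32.exe"                             # Equation Editor should not spawn anything
        script_to_regasm = p in SCRIPT_HOSTS and c == "regasm.exe"   # script host launching RegAsm
        if office_to_eqn or eqn_spawns or script_to_regasm:
            hits.append((p, c, e["pid"]))
    return hits


# --- Check 2: Base64-encoded PE hidden inside an image file --------------------
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")


def _looks_like_pe(data):
    """Minimal PE sanity check: DOS 'MZ' header and e_lfanew pointing at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[lfanew:lfanew + 4] == b"PE\x00\x00"


def find_embedded_pe(blob):
    """Return (offset, decoded_size) for every Base64 run in blob that decodes to a PE."""
    found = []
    for m in B64_RUN.finditer(blob):
        try:
            decoded = base64.b64decode(m.group(0), validate=True)
        except binascii.Error:
            continue  # not a clean Base64 run (e.g. wrong length), skip it
        if _looks_like_pe(decoded):
            found.append((m.start(), len(decoded)))
    return found


# Constructed stand-in for a DLL: a DOS header whose e_lfanew (offset 0x3C) points at 0x40,
# where a PE signature follows. 100 bytes in total, nothing executable.
FAKE_DLL = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + b"\x00" * 32

# Constructed stand-in for the carrier image: JPEG SOI/APP0 markers, filler bytes,
# the Base64 payload, then the EOI marker.
FAKE_JPG = (b"\xff\xd8\xff\xe0" + b"\x00\x10JFIF\x00" + b"\x00" * 16
            + base64.b64encode(FAKE_DLL) + b"\xff\xd9")

if __name__ == "__main__":
    for parent, child, pid in find_suspicious_lineage(SAMPLE_EVENTS):
        print(f"suspicious lineage: {parent} -> {child} (pid {pid})")
    for offset, size in find_embedded_pe(FAKE_JPG):
        print(f"embedded PE found at offset {offset}, {size} bytes decoded")
```

The lineage rule treats an Office application spawning EQNEDT32.EXE as low severity by itself, since that is what any equation edit looks like on an unpatched machine; the stronger signals are the Equation Editor spawning a child at all and a script host launching RegAsm.exe. The image scanner only recognises a PE that has been Base64-encoded as a single run; a payload split across several chunks, or encoded some other way, would need a different decoder in front of `_looks_like_pe`.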
In its writeup, TheHackerNews describes Agent Tesla as an "advanced keylogger and remote access trojan (RAT)" capable of harvesting sensitive information. After gathering the required intel, Agent Tesla can communicate with its remote C2 server and exfiltrate the data quietly.
"Threat actors constantly adapt infection methods, making it imperative for organizations to stay updated on evolving cyber threats to safeguard their digital landscape," Khursale said.
Both the infostealing malware and the Excel vulnerability appear to be highly popular these days. A report from Cofense, released in late October, states that the most prevalent malware associated with phishing in Q3 was the Agent Tesla keylogger. Furthermore, the same source claims the most common delivery method to infect your computer with these forms of malware is the CVE-2017-11882 exploit.
More from TechRadar Pro
- Beware, your login details are being targeted more than ever - here's what to look out for
- Here's a list of the best firewalls today
- These are the best endpoint protection services right now