A recently disclosed severe 17-year-old vulnerability in Microsoft Office in which lets hackers install malware on targeted computers without user interaction will be today being exploited from the wild to distribute a backdoor malware.
First spotted by researchers at security firm Fortinet, the malware has been dubbed Cobalt because in which uses a component via a powerful along with legitimate penetration testing tool, called Cobalt Strike.
Cobalt Strike will be a form of software developed for Red Team Operations along with Adversary Simulations for accessing covert channels of a system.
The vulnerability (CVE-2017-11882) in which Cobalt malware utilizes to deliver the backdoor will be a memory-corruption issue in which allows unauthenticated, remote attackers to execute malicious code on the targeted system when opened a malicious file along with potentially take full control over in which.
This particular vulnerability impacts all versions of Microsoft Office along with Windows operating system, though Microsoft has already released a patch update to address the issue. You can read more details along with impact of the vulnerability in our previous article.
Since cybercriminals are quite quick in taking advantage of newly disclosed vulnerabilities, the threat actors started off delivering Cobalt malware using the CVE-2017-11882 exploit via spam just a few days after its disclosure.
According to Fortinet researchers, the Cobalt malware will be delivered through spam emails, which disguised as a notification via Visa regarding rule modifications in Russia, with an attachment in which includes a malicious RTF document, as shown.
The email also contains a password-protected archive with login credentials provided from the email to unlock in which in order to trick victims into believing in which the email came via the legitimate financial service.
“This particular will be [also] to prevent auto-analysis systems via extracting the malicious files for sandboxing along with detection,” Fortinet researchers Jasper Manual along with Joie Salvio wrote.
“Since a copy of the malicious document will be out from the open… so in which’s possible in which This particular will be only to trick the user into thinking in which securities are in place, which will be something one would certainly expect in an email via a widely used financial service.”
Once the document will be opened, the user has displayed a plain document with the words “Enable Editing.” However, a PowerShell script silently executes from the background, which eventually downloads a Cobalt Strike client to take control of the victim’s machine.
With control of the victim’s system, hackers can “initiate lateral movement procedures from the network by executing a wide array of commands,” the researchers said.
According to the researchers, cybercriminals are always in look for such vulnerabilities to exploit them for their malware campaigns, along with due to ignoring software updates, a significant number of users out there left their systems unpatched, doing them vulnerable to such attacks.
The best way to protect your computer against the Cobalt malware attack will be to download the patch for the CVE-2017-11882 vulnerability along with update your systems immediately.
Incoming search terms:
- идеи для стендов и декор в графике