Battle for data: Agent Tesla successfully infects computers through a multi-year vulnerability in Microsoft Excel

Brother

An old problem and new approaches to exploiting it.

Recently, attackers have been actively using the Microsoft Office vulnerability, first discovered more than six years ago, in phishing campaigns to distribute Agent Tesla malware. Reports from Zscaler ThreatLabZ and Fortinet FortiGuard Labs indicate that criminals use fake Excel documents disguised as invoices to deceive users.

Agent Tesla is an advanced keylogger and .NET-based remote access Trojan that can collect confidential data and transmit it to a remote server controlled by the attackers.

A vulnerability in the Microsoft Office Equation Editor, tracked under the identifier CVE-2017-11882 (CVSS 7.8), allows attackers to execute arbitrary malicious code.

According to researcher Kaivalya Khursale, after opening an infected Excel file, additional malicious components are loaded, even without user interaction.

First, an obfuscated Visual Basic script is loaded, which then downloads a JPG file containing an encrypted DLL. This steganography method was described in detail by McAfee specialists in September 2023. For the final launch of the malware, the DLL is injected into the Windows Assembly Registration tool (RegAsm.exe).

Khursale emphasizes that security professionals must constantly update their own knowledge of infection methods, and keep the software in use up to date, so that hackers do not get the chance to exploit long-standing security holes. This is the only way to effectively protect an organization's digital environment.
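The chain described above (Excel invoice, Equation Editor, VBS script, RegAsm.exe as the final host) lends itself to a process-lineage check on endpoint telemetry. The following is an added example, not code from the post or from the Zscaler, Fortinet or McAfee reports it cites; it assumes a simplified Sysmon-style JSON record per process creation (field names are an assumption) and uses constructed sample events.

```python
import json
from pathlib import PureWindowsPath

# Script hosts that a legitimate RegAsm.exe run would not normally be started from.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

# Constructed sample telemetry (simplified Sysmon-style process creation records).
SAMPLE_EVENTS = r"""
{"pid": 1201, "image": "C:\\Windows\\explorer.exe", "parent_image": "C:\\Windows\\System32\\userinit.exe", "cmdline": "explorer.exe"}
{"pid": 2210, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "parent_image": "C:\\Windows\\explorer.exe", "cmdline": "EXCEL.EXE C:\\Users\\a\\invoice.xls"}
{"pid": 2290, "image": "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", "parent_image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "EQNEDT32.EXE -Embedding"}
{"pid": 2301, "image": "C:\\Windows\\System32\\wscript.exe", "parent_image": "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", "cmdline": "wscript.exe C:\\Users\\a\\AppData\\Local\\Temp\\inv.vbs"}
{"pid": 2350, "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe", "parent_image": "C:\\Windows\\System32\\wscript.exe", "cmdline": "RegAsm.exe"}
{"pid": 2400, "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe", "parent_image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "RegAsm.exe C:\\build\\MyComLib.dll"}
"""

def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()

def classify(event: dict) -> list[str]:
    """Return the names of the heuristics an event matches (empty if benign)."""
    image = basename(event["image"])
    parent = basename(event["parent_image"])
    hits = []
    # Equation Editor renders formulas; it has no business starting other programs.
    if parent == "eqnedt32.exe":
        hits.append("eqnedt32_child")
    if image == "regasm.exe":
        if parent in SCRIPT_HOSTS:
            hits.append("regasm_from_script_host")
        # RegAsm's job is to register an assembly; an invocation with no path to
        # one is consistent with its use as a hollow host process (heuristic).
        if len(event["cmdline"].split(maxsplit=1)) < 2:
            hits.append("regasm_no_assembly")
    return hits

def scan(log_text: str) -> dict[int, list[str]]:
    """Map pid -> matched heuristics for every event in a newline-delimited JSON log."""
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        hits = classify(event)
        if hits:
            findings[event["pid"]] = hits
    return findings
```

Running `scan(SAMPLE_EVENTS)` flags only the wscript.exe child of Equation Editor and the argument-less RegAsm.exe started by it; the legitimate RegAsm.exe run registering a DLL from cmd.exe is left alone.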