A new phishing attack was recently discovered using malicious Word documents. The important thing to know about this attack is simple. “Never open something from someone you don’t know or something from someone you aren’t expecting something from!” Also be confident before you ever click “ENABLE EDITING” on a document. While this treat is out there, be particularly cautious of Word Document attachments.
The Word document by the author “Honeybee” uses visual basic to infect the device with the attached malware once opened. This new attack uses a modified version of an existing backdoor malware intrusion called Syscon. The malware can create a backdoor into the infected machine that allows attackers to spy on the device and steal data. It uses an FTP server to enact command and control tactics to further compromise the infected device. The document tells users to enable content and when enabled it starts to execute the malware. The malware is designed to investigate the computer and gather important information.
With the sophistication of this attack researches believe the orchestrator is probably the result of a nation-state.
We Solve Problems and Make People Happy