Since its discovery in September, FortiGuard Labs has blocked the malware, providing antivirus signatures and intrusion prevention (IPS) rules for protection, the researchers added.
The attack exploits old MS Word bugs
According to the researchers, the campaign used two Microsoft Office flaws, discovered and patched in 2017, that allowed remote code execution in the targeted programs.
CVE-2017-0199 affects Microsoft Office and Windows, allowing remote code execution via specially crafted RTF files, which are often delivered via phishing emails. Once such a file is opened, it can download and run an HTA payload to compromise the system. With a CVSS score of 7.8, it poses a high risk, requiring little user interaction to exploit.