SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer

Threat actors are exploiting old Microsoft Office vulnerabilities using SmokeLoader, a modular malware loader, to steal browser credentials. The campaign targets manufacturing, healthcare, and IT companies in Taiwan, utilizing CVE-2017-0199 and CVE-2017-11882 to execute remote code and deploy malicious payloads. SmokeLoader, typically used to deliver other malware, is now employing its own plugins for credential theft. The attack involves phishing emails with malicious attachments, exploiting the MS Office flaws to download and execute harmful plugins. FortiGuard Labs has identified nine different plugins used to steal various types of credentials and sensitive data from browsers and email software.

Author: AlienVault

Related Tags: modular malware, AndeLoader, plugins, T1059.005, vulnerabilities, Microsoft Office, T1056.001, CVE-2017-11882, T1204.002

Associated Indicators: