Cybersecurity firm Proofpoint, has discovered a Microsoft Word vulnerability that serves as an attack vector for Dridex malware.
While the vulnerability is new, the way miscreants are getting folks to open a malicious file isn’t.
The firm says that a victim will receive an email with a Microsoft Word Rich Text Format (RTF) document attached. To make matters worse, in the example provide the email appears to originate from a trusted domain with a device prefix.
“The subject line in all cases read “Scan Data” and included attachments named “Scan_123456.doc” or “Scan_123456.pdf”, where “123456” was replaced with random digits,” Proofpoint writes in a blog.
This is incredibly dangerous, particularly in a business environment where the scanning and email of documents is common practice. This – the firm says – makes the lure of clicking the document that much more tempting.
Once the file is open and the exploit runs successfully, Dridex botnet ID 7500 is installed on the user’s PC and an attacker can begin hoovering up banking details.
Proofpoint goes on to remind us that while cyber criminals prefer social engineering they are not averse to switching up their tactics and using a combination of both technical skill and leveraging the human condition such as this exploit does.
A patch for the vulnerability is expected to be released today (11th April) and Proofpoint advises that users and organisations deploy the patch as soon as possible.[Image – Pixabay]