Cybercriminals have found a way to bypass the patch for the latest Microsoft Office flaw and briefly used the bypass to distribute Formbook malware.
The patch provided by Microsoft was designed to prevent the execution of code that downloads a Microsoft Cabinet (CAB) archive containing a malicious executable. However, it seems that the attackers found a way to bypass the patch by placing a Word document inside a specially crafted RAR archive.
Sophos says the attackers distributed the archives as part of a spam email campaign that lasted about 36 hours, on October 24 and 25, before disappearing completely, which suggests the attack was a “dry run” test. A PowerShell script was used to attach a malicious Word document within the archive and, as soon as the victim opened the archive to access the document, the script was executed, resulting in a Formbook malware infection.
Read More: Securityweek