There’s a dangerous backdoor trojan in the wild, and Microsoft Office users are vulnerable it. Be on the lookout for suspicious-looking .rtf attachments sent through email!
Upon opening them, you will be infected immediately. Microsoft reports that these spam emails are being sent in various European languages, so it appears this is the group of people that the hackers are targeting.
The final payload downloaded by the malicious script appears to be a backdoor trojan. The good news, however, is that as soon as Microsoft issued a warning, the malware’s control and command centre seems to have gone down.
That being said, there may be other cyber security threats taking advantage of the same vulnerability in the future.
Initially, a similar vulnerability going by the codename of CVE-2017-11882, was patched during the November 2017 batch of updates. Originally, it was discovered by security researchers from Embedi. Since it’s so old, many people should now be safe. Unfortunately, many companies still haven’t taken the time to install it yet, making themselves particularly vulnerable.
Cyber criminals are more than happy to take advantage of it, so CVE-2017-11882 is still a cyber security vulnerability that you need to be on the lookout for. Recorded Future indicates that this particular vulnerability is, in fact, the third most abused one in 2018. Kaspersky also puts it at the top of the list.
Unlike other Microsoft Office exploits, it requires no interaction on the user’s end, making it a very popular weapon in the hands of the hackers.