Phishing attacks use six-year-old MS Office flaw to spread malware
Take action: Microsoft Office has always been a great vector for attack. If you are still using unpatched Microsoft Office versions, patch them to the latest versions. If you are optimistic and don't want to patch, be very mindful of Excel files and their source. And expect to be hacked.
Cybercriminals are leveraging a vulnerability in Microsoft Office, tracked as CVE-2017-11882 (CVSS score: 7.8), in phishing campaigns to distribute Agent Tesla, a spyware active since 2014 and first identified in June 2018.
Agent Tesla can record keystrokes, clipboard contents, screenshots, and system credentials.
Agent Tesla was originally spread through a malicious Microsoft Word document with an auto-executable VBA macro; recent attacks involve spam emails with Excel documents containing the malware. The vulnerability affects EQNEDT32.EXE, the MS Office component used for equations, and allows memory corruption and malicious code execution.
Despite a 2017 patch, this flaw remains exploited, notably in recent weeks.
Recent attack strategies include using obfuscated VBS files downloaded from malicious Excel files to fetch a JPG containing a Base64-encoded DLL, which in turn downloads and injects the Agent Tesla payload into the system.
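For defenders, the JPG stage described above can be checked for directly. The following is an added example, not code from the original article: it scans a downloaded image for a Base64 run that decodes to a PE image (a DLL or EXE). It assumes the Base64 text is stored as plain ASCII inside the image bytes, which the article does not specify; the function names and the 64-character minimum run length are hypothetical choices, and the sample input is constructed.

```python
import base64
import re
import struct

# Base64 of the two bytes "MZ" always starts "TV" followed by one of o, p, q, r,
# so anchoring on that prefix finds the payload whatever bytes precede it.
# The 64-character minimum run length is an assumption of this example.
B64_PE_RUN = re.compile(rb"(?=(TV[opqr][A-Za-z0-9+/]{61,}={0,2}))")


def looks_like_pe(blob: bytes) -> bool:
    """True if blob has a DOS header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_embedded_pe(data: bytes) -> list:
    """Return (file offset, decoded size) of each Base64 run that decodes to a PE image."""
    hits = []
    for m in B64_PE_RUN.finditer(data):
        run = m.group(1)
        run = run[: len(run) - len(run) % 4]  # drop trailing chars that are not a full quantum
        try:
            decoded = base64.b64decode(run, validate=True)
        except ValueError:
            continue  # not well-formed Base64, so not a candidate
        if looks_like_pe(decoded):
            hits.append((m.start(), len(decoded)))
    return hits


def constructed_sample() -> bytes:
    """Constructed test input: a JPEG-like header and EOI marker, then a Base64 PE stub."""
    stub = bytearray(0x60)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> 0x40
    stub[0x40:0x44] = b"PE\0\0"
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
    return jpeg + base64.b64encode(bytes(stub))


if __name__ == "__main__":
    print(find_embedded_pe(constructed_sample()))
```

A hit on a file served as an image is a strong signal for triage, since legitimate JPEGs have no reason to carry a Base64-encoded executable.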