Microsoft Word documents laced with a novel strain of malware are being sent to unsuspecting users’ email inboxes, security researchers have confirmed.
The malicious code – which goes by the name of SVCReady – is being spread via phishing attacks, and computers without antivirus software installed are most at risk.
Security researchers have observed that several updates have already been released, which suggests it’s far from the finished article.
What Does the Malware Do?
The malware — first discovered by HP researchers — is delivered via shellcode stored inside the properties of Microsoft Word documents.
This distinguishes it from more traditional malware strains that use command-line interfaces like PowerShell or utilities like MSHTA, which are often used in malware campaigns to download further payloads from the internet.
Hiding the malware in this way makes it much harder to detect via security software, which isn’t generally set up to find something like this.
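One way to check for what HP describes, written as an added example rather than code from HP or this article: the sketch below scans the property parts of an OOXML Word file (.docx/.docm) for values that look like encoded binary instead of ordinary metadata. The thresholds, function names and sample documents are assumptions constructed for illustration, and legacy .doc files keep their properties in OLE streams that this does not parse.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Assumed for this example: OOXML part names and illustrative thresholds.
PROP_PARTS = {"docProps/core.xml", "docProps/app.xml", "docProps/custom.xml"}
MAX_VALUE_LEN = 1024  # titles, authors and comments are normally short
ENCODED = re.compile(r"(?:[0-9A-Fa-f]{2}[\s,]*){64,}|[A-Za-z0-9+/]{256,}={0,2}")

def classify(value):
    """Return a reason if a property value looks like an embedded payload."""
    if ENCODED.fullmatch(value):
        return "encoded-blob"
    return "oversized" if len(value) > MAX_VALUE_LEN else None

def scan_properties(doc_bytes):
    """Return sorted (part, element, reason) findings for one document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as pkg:
        for part in PROP_PARTS & set(pkg.namelist()):
            raw = pkg.read(part)
            if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
                # Property parts need no DTD; do not hand one to the parser.
                findings.append((part, "*", "unexpected-dtd"))
                continue
            for el in ET.fromstring(raw).iter():
                reason = classify((el.text or "").strip())
                if reason:
                    findings.append((part, el.tag.rsplit("}", 1)[-1], reason))
    return sorted(findings)

def build_sample(description):
    """Build a constructed, minimal package holding one core-properties part."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
            'package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/">'
            f"<dc:description>{description}</dc:description></cp:coreProperties>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/core.xml", core)
    return buf.getvalue()

# Constructed inputs: an ordinary comment, then inert filler bytes as hex.
BENIGN = build_sample("Quarterly invoice for review")
PADDED = build_sample(bytes(range(256)).hex())

if __name__ == "__main__":
    print(scan_properties(BENIGN), scan_properties(PADDED))
```

A finding here is a reason to look closer at the file, not a verdict: some legitimate tools write long values into custom properties.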
It's also not the only case of Microsoft Word being weaponized for malicious purposes this week – Snake Keylogger malware was found inside PDF attachments being distributed for much the same effect.
SVCReady can exfiltrate information about a system's endpoint software as well as device firmware. BleepingComputer also says it supports “persistence, anti-analysis features, and encrypted C2 communications.”
Paving the Way for More Mayhem
HP’s report says that Redline Stealer, a well-known virus, was delivered as a follow-up payload in an April campaign after the initial infection.
Redline Stealer — a well-known type of malware that’s available for purchase for around $150, giving low-level cybercriminals the opportunity to wreak havoc — can be used to steal passwords, usernames, and other login credentials.
It has also previously been observed stealing data saved in browsers, such as credit card numbers.
Protecting Yourself from Phishing Attacks
Microsoft Word documents are sent, received, and opened by millions of users every day — which makes them the perfect vehicle for spreading malware.
There are some golden rules when it comes to email safety. For example, never open attachments from email addresses you don’t recognize.
Phishing emails are often riddled with spelling mistakes and will try to inject a sense of urgency into victims with some sort of call to action — such as suggesting an account will be blocked or payment will be taken. Being able to recognize these telltale signs is essential.
It’s also a good idea to install antivirus software that can scan emails, perform pre-emptive checks on files you download, and detect and remove any malware that does make its way onto your system.