Malware-Infested Word Documents Are Arriving in Email Inboxes

Researchers have also observed an additional credential-stealing malware being used as a follow-up payload.
Aaron Drapkin

Microsoft Word documents laced with a novel strain of malware are being sent to unsuspecting users’ email inboxes, security researchers have confirmed.

The malicious code – which goes by the name of SVCReady – is being spread via phishing attacks, and computers without antivirus software installed are most at risk.

Security researchers have observed that several updates have already been released, which suggests it’s far from the finished article.

What Does the Malware Do?

The malware — first discovered by HP researchers — is delivered via shellcode stored inside the properties of Microsoft Word documents.

This distinguishes it from more traditional malware strains that use command-line interfaces like PowerShell or utilities like MSHTA, which are often used in malware campaigns to download further payloads from the internet.

Hiding the malware in this way makes it much harder to detect via security software, which isn’t generally set up to find something like this.
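One way a defender could check for payload-like data in document properties, as an added example that is not taken from this article or from HP's report. It assumes the OOXML container (.docx/.docm), where properties are stored in `docProps/*.xml`; legacy .doc files keep them in OLE property streams and need a different parser. The thresholds, function names and sample document are constructed for illustration.

```python
import io
import re
import string
import zipfile
import xml.etree.ElementTree as ET

ENCODED_RUN = re.compile(r"[A-Za-z0-9+/]{64,}")  # unbroken hex/base64-looking run
MIN_LEN = 128  # assumed threshold: shorter values are ignored as ordinary metadata

def hex_ratio(value):
    """Fraction of non-whitespace characters that are hexadecimal digits."""
    chars = [c for c in value if not c.isspace()]
    return sum(c in string.hexdigits for c in chars) / len(chars) if chars else 0.0

def classify(value):
    """Return a reason string when a property value looks like an embedded blob."""
    if len(value) < MIN_LEN:
        return None
    if ENCODED_RUN.search(value):
        return "unbroken encoded run"
    if hex_ratio(value) >= 0.95:
        return "mostly hex digits"
    return None

def suspicious_properties(doc_bytes):
    """Scan docProps/*.xml in an OOXML file; return (part, element, length, reason)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for part in sorted(zf.namelist()):
            if part.startswith("docProps/") and part.endswith(".xml"):
                for elem in ET.fromstring(zf.read(part)).iter():
                    value = (elem.text or "").strip()
                    reason = classify(value)
                    if reason:
                        findings.append((part, elem.tag.split("}")[-1], len(value), reason))
    return findings

def build_sample():
    """Constructed document with placeholder namespaces and filler hex, not real shellcode."""
    core = ('<cp:coreProperties xmlns:cp="urn:example:cp" xmlns:dc="urn:example:dc">'
            '<dc:title>Quarterly report</dc:title></cp:coreProperties>')
    custom = ('<Properties xmlns="urn:example:custom" xmlns:vt="urn:example:vt"><property name="Notes">'
              '<vt:lpwstr>' + "41 " * 200 + '</vt:lpwstr></property></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/custom.xml", custom)
    return buf.getvalue()
```

Calling `suspicious_properties(build_sample())` reports only the stuffed custom property; the short title in `core.xml` is ignored.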

It's also not the only case of Microsoft Word being weaponized for malicious purposes this week – Snake Keylogger malware was found inside PDF attachments being distributed for much the same effect.

SVCReady can exfiltrate information about a system's endpoint software as well as device firmware. BleepingComputer also says it supports “persistence, anti-analysis features, and encrypted C2 communications.”

Paving the Way for More Mayhem

HP’s report says that Redline Stealer, a well-known virus, was delivered as a follow-up payload in an April campaign after the initial infection.

Redline Stealer — a well-known type of malware that’s available for purchase for around $150, giving low-level cybercriminals the opportunity to wreak havoc — can be used to steal passwords, usernames, and other login credentials.

It has also previously been observed stealing data saved in browsers, such as credit card numbers.

Protecting Yourself from Phishing Attacks

Microsoft Word documents are sent, received, and opened by millions of users every day — which makes them the perfect vehicle for spreading malware.

There are some golden rules when it comes to email safety. For example, never open attachments from email addresses you don’t recognize.

Phishing emails are often riddled with spelling mistakes and will try to inject a sense of urgency into victims with some sort of call to action — such as suggesting an account will be blocked or payment will be taken. Being able to recognize these telltale signs is essential.

It’s also a good idea to install antivirus software that can scan emails, perform pre-emptive checks on files you download, and detect and remove any malware that does make its way onto your system.


Aaron Drapkin is a Senior Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol three years ago. As a writer, Aaron takes a special interest in VPNs and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, The Week, and Politics.co.uk covering a wide range of topics.
