Phishing marketing campaign makes use of Phrase paperwork to distribute three malware strains

Researchers recognized a brand new phishing marketing campaign that makes use of Microsoft Phrase paperwork to distribute malware that may log what a sufferer varieties, siphon cryptocurrency funds, and steal delicate information.

To get into the sufferer’s system, the attackers ship a phishing e mail with the malicious Phrase doc as an attachment. Clicking on the attachment prompts an embedded malicious hyperlink within the file and results in the supply of three malware strains referred to as RedLine Clipper, Agent Tesla, and OriginBotnet, in keeping with a report revealed Monday by cybersecurity agency Fortinet.

The RedLine Clipper loader steals cryptocurrency by altering a pockets handle saved within the sufferer’s clipboard to the attacker’s handle. It really works with numerous cryptocurrencies like Bitcoin, Ethereum, Dogecoin, Litecoin, Dashcoin, and Monero.

RedLine Clipper displays what customers copy, notably specializing in lengthy and sophisticated pockets addresses, that are onerous to sort out manually. As soon as it spots a pockets handle, it discreetly swaps it out with the attacker’s handle with out the consumer figuring out.

Agent Tesla, however, can document keystrokes and compiles an inventory of particular software program put in on the sufferer’s gadget, together with net browsers and e mail purchasers.

The third payload, OriginBotnet, can acquire delicate information from the sufferer’s laptop, connect with the hackers’ management server and obtain extra recordsdata from the server to carry out duties like recording keystrokes or recovering passwords on hacked gadgets.

“The assault demonstrated subtle strategies to evade detection and preserve persistence on compromised techniques,” the researchers stated.

Fortinet hasn’t attributed the assault to any recognized hacker group.