Cybersecurity researchers from HP Wolf Security have discovered a new malware (opens in new tab) strain being distributed via weaponized Microsoft Word files.
The malware, dubbed SVCReady, allows threat actors to exfiltrate system information such as device firmware and software installed on the endpoint (opens in new tab), the report says. It is being deployed in unison with another virus, a relatively popular strain called RedLine Stealer. This one is used to steal things like passwords, stored payment data, browsing history, and the likes.
The threat actor deploys the malware through weaponized Microsoft Word documents, by using shellcode stored within the properties of the document. This is a deviation of a more standard practice in which threat actors would usually use PowerShell or MSHTA.
While the strain is still in its infancy, and clearly a work in progress, it has great potential of becoming more than a nuisance, the researchers said.
Work in progress
The malware isn’t as potent as it can be. Still, with threat actors hard at work, there’s no room for complacency, argues Patrick Schläpfer, Malware Analyst at HP Wolf Security.
“A few things in the malware are broken,” Schläpfer says. “SVCReady is clearly under development, and the malicious actors have been adding encryption to the network communication format in recent weeks. As the malware is refined there is potential for it to become a bigger problem in the future. We have seen a few similarities in file naming conventions and lure imagery which appear to be linked to those used by the financially motivated threat group TA551.”
Last we heard of TA551, the group was hijacking email threads to distribute malware loaders. Cybersecurity experts from Intezer found the group abusing known vulnerabilities in unpatched and compromised Microsoft Exchange servers to steal login credentials, moving into people’s inboxes, and replying on long email chains with the links to IcedID, a modular banking trojan.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba