SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :

Threat actors are exploiting two old Microsoft Office vulnerabilities, CVE-2017-0199 (OLE object remote code execution) and CVE-2017-11882 (Equation Editor memory corruption), to deliver SmokeLoader, a modular malware loader, and use it to steal browser credentials. The campaign targets manufacturing, healthcare and IT companies in Taiwan. Phishing emails carry malicious Office attachments; when opened, the exploited flaws download and execute the loader and its plugins. SmokeLoader is normally used only to stage other malware, but in this campaign it runs its own credential-theft plugins. FortiGuard Labs identified nine plugins that harvest credentials and other sensitive data from web browsers and email clients.
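The two Office flaws named above leave recognisable traces in the attachment itself: CVE-2017-0199 needs an OLE relationship whose target is an external URL (or, in RTF, an auto-updating linked object), and CVE-2017-11882 needs an Equation Editor object, declared by the ProgID "Equation.3" or by its CLSID {0002CE02-0000-0000-C000-000000000046} inside the embedded OLE file. The triage script below is an added example, not code from FortiGuard Labs or from the OpenCTI report; it scans an OOXML package and an RTF byte string for those indicators. The sample documents it builds are constructed in the script to exercise the checks and are not real campaign samples; the URL "http://example.invalid/stage.doc" is a placeholder.

```python
import io
import re
import uuid
import zipfile
import xml.etree.ElementTree as ET

# Standard OPC relationship namespace / OLE relationship type (not assumptions).
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
# Equation Editor (EQNEDT32.EXE) class id; bytes_le is the byte order used inside OLE compound files.
EQN_CLSID = "0002CE02-0000-0000-C000-000000000046"
EQN_CLSID_LE = uuid.UUID(EQN_CLSID).bytes_le


def scan_ooxml(data: bytes) -> list[str]:
    """Return findings for a .docx/.xlsx/.pptx given as bytes (empty list = nothing suspicious)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            blob = zf.read(name)
            if name.endswith(".rels"):
                # CVE-2017-0199: OLE object whose target is a URL that Office fetches on open.
                for rel in ET.fromstring(blob).iter(f"{{{REL_NS}}}Relationship"):
                    if rel.get("TargetMode") == "External" and rel.get("Type") == OLE_REL_TYPE:
                        findings.append(f"CVE-2017-0199 indicator: external OLE link in {name} -> {rel.get('Target')}")
            elif name.endswith(".xml"):
                # CVE-2017-11882: Equation Editor objects are declared by ProgID in the part XML.
                if 'ProgID="Equation.3"' in blob.decode("utf-8", "replace"):
                    findings.append(f"CVE-2017-11882 indicator: Equation.3 ProgID in {name}")
            elif "/embeddings/" in name and blob[:4] == b"\xd0\xcf\x11\xe0":
                # Embedded OLE compound file: the Equation.3 CLSID sits in its directory entry.
                if EQN_CLSID_LE in blob:
                    findings.append(f"CVE-2017-11882 indicator: Equation.3 CLSID in embedded OLE file {name}")
    return findings


RTF_PATTERNS = [
    (re.compile(rb"\\objclass\s*Equation\.3", re.I), "CVE-2017-11882 indicator: \\objclass Equation.3"),
    (re.compile(EQN_CLSID_LE.hex().encode(), re.I), "CVE-2017-11882 indicator: Equation.3 CLSID in \\objdata"),
    (re.compile(rb"\\objupdate"), "CVE-2017-0199 indicator: \\objupdate refreshes the OLE link on open"),
]


def scan_rtf(data: bytes) -> list[str]:
    """Naive RTF scan; obfuscated RTF (split control words, junk between tokens) will evade it."""
    return [msg for pat, msg in RTF_PATTERNS if pat.search(data)]


def build_sample_docx(malicious: bool) -> bytes:
    """Constructed minimal package for testing (not a real sample); malicious=True adds both indicators."""
    ole_rel = (f'<Relationship Id="rId1" Type="{OLE_REL_TYPE}" '
               'Target="http://example.invalid/stage.doc" TargetMode="External"/>') if malicious else ""
    rels = f'<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="{REL_NS}">{ole_rel}</Relationships>'
    obj = '<w:object><o:OLEObject Type="Embed" ProgID="Equation.3" r:id="rId2"/></w:object>' if malicious else ""
    doc = ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
           'xmlns:o="urn:schemas-microsoft-com:office:office" '
           'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
           f'<w:body><w:p><w:r>{obj}</w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
        zf.writestr("word/document.xml", doc)
        if malicious:
            # Fake compound file: correct magic plus the Equation.3 CLSID, enough to exercise the check.
            zf.writestr("word/embeddings/oleObject1.bin",
                        b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56 + EQN_CLSID_LE)
    return buf.getvalue()


# Constructed RTF fragment carrying all three RTF indicators (not a real sample).
SAMPLE_RTF = (b"{\\rtf1{\\object\\objemb\\objupdate{\\*\\objclass Equation.3}"
              b"{\\*\\objdata 01050000020000000b000000" + EQN_CLSID_LE.hex().encode() + b"}}}")


if __name__ == "__main__":
    for label, findings in (("malicious docx", scan_ooxml(build_sample_docx(True))),
                            ("benign docx", scan_ooxml(build_sample_docx(False))),
                            ("rtf", scan_rtf(SAMPLE_RTF))):
        print(label, "->", findings or ["clean"])
```

This is a triage check, not a detector: it does not parse RTF properly, does not unpack nested OLE streams, and does not cover related template-injection relationships such as attachedTemplate. A hit on any of these indicators in a document from an external sender is enough to quarantine it and pull the full sample for analysis.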

OPENCTI LABELS :

phishing,vulnerabilities,credential theft,plugins,smokeloader,cve-2017-0199,cve-2017-11882,taiwan,andeloader,modular malware,microsoft office
