Using Word documents to steal passwords

Next story

A new multi-stage attack has been identified utilising Word documents and delivering a password stealing piece of malware.  

The most interesting thing about this attack is that it doesn’t use macros as most Word based attack do.

Instead, it exploits a specific vulnerability in Microsoft Office (CVE-2017-11882) that targets the MS Equation Editor tool.

Eventually a PowerShell Script is executed; this script leads to the download of a Password Stealer Malware. This malware steal passwords from email, ftp and browser programmes.

Mark James, ESET IT Security Specialist, explains how you can avoid this kind of attack and gives a few best practices.

“As with all cases involving vulnerabilities and exploits it’s all about your patching practices.

“Making sure you are using the latest versions of your operating system along with any key applications. Get them patched and fully up-to-date as quickly as possible, this will go a long way in keeping you safe.

“Where vulnerabilities exists unpatched then understanding the attack process through awareness, prevention may be the only immediate defence.

“Making sure all the office updates are applied in a timely manner will help to keep you safe, ensure your office install has the latest service packs and any subsequent KB updates installed.

“Microsoft office may in some cases be overlooked as a product to keep updated because for some if it does what you need then there may not seem a need to buy and install new versions.

“Sadly this is not the case, keeping your office programs on the latest versions is just as important as keeping your windows operating system up to date.”

For a more in-depth and technical look at the inner workings of this attack, click here.

Do you always keep your OS and important software patched? Let us know on Twitter @ESETUK.