Security researchers at Microsoft have issued a warning concerning an ongoing spam wave which utilizes malicious RTF documents to infect users' systems with malware.
According to the company, the spam wave is specifically targeting European users as the emails are sent in various European languages. The Microsoft Security Intelligence team explained how the campaign worked, saying:
"In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload."
- Email cyberattacks on the rise - are you protected?
- Email security is greater threat than ever
- One in five email attacks uses compromised accounts
The final payload is a backdoor trojan whose command and control servers went offline around the same time Microsoft issued its warning on the campaign.
Equation Editor vulnerability
As the initial infection vector relies on an older Office vulnerability, users can be completely safe from this spam campaign by updating their software as Microsoft patched the vulnerability back in November of 2017.
The vulnerability is referred to as CVE-2017-11882 and is a codename for a vulnerability in an older version of the Equation Editor component included with Office. Security researchers from Embedi discovered a bug in this older component back in 2017 that allowed hackers to execute code on a user's device after they opened a weaponized Office file containing a special exploit.
Once a second Equation Editor bug was discovered in 2018, Microsoft decided to completely remove the older Equation Editor component from Office. However, as organizations and individuals often fail or forget to install software updates, cybercriminals were still able to exploit the vulnerability even after the company released an update that would mitigate the issue.
According to a report from Recorded Future as well as one from Kaspersky Lab, the CVE-2017-11882 vulnerability was one of the top exploited vulnerabilities of 2018 as hackers continued to prey on users that had yet to update their software.
- Concerned about email security? Check out the best email clients
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.