Hackers have been observed targeting users running outdated Office programs, with the goal of delivering an infostealing malware called Agent Tesla.
This is according to cybersecurity researchers Zscaler ThreatLabs, who recently detailed a phishing campaign that distributes an Excel document. If the victim is using an older version of Excel, the document can abuse a memory corruption vulnerability in the Equation Editor, tracked as CVE-2017-11882.
That allows it to execute code with user privileges but without further user interaction or consent.
Advanced keylogger
In its writeup, TheHackerNews describes Agent Tesla as an "advanced keylogger and remote access trojan (RAT)" capable of harvesting sensitive information. After gathering the required intel, Agent Tesla can communicate with its remote C2 server and extract the data quietly.
"Threat actors constantly adapt infection methods, making it imperative for organizations to stay updated on evolving cyber threats to safeguard their digital landscape," Khursale said.
Both the infostealing malware and the Excel vulnerability seem to be extremely popular these days. A report from Cofense, released in late October, states that the most prevalent malware associated with phishing in Q3 was the Agent Tesla keylogger. Furthermore, the same source claims the most common delivery method to infect your computer with these forms of malware is the CVE-2017-11882 exploit.
More from TechRadar Pro
- Beware, your login details are being targeted more than ever - here's what to look out for
- Here's a list of the best firewalls today
- These are the best endpoint protection services right now