Uses complex obfuscation techniques to avoid detection
15th October 2018, By Sergiu Gatlan
A new malware campaign discovered by the Cisco Talos Intelligence Group uses RTF documents to exploit the CVE-2017-11882 Microsoft Office Memory Corruption Vulnerability to distribute the Agent Tesla data stealer RAT malware.
To be more exact, the adversaries behind this malware campaign are exploiting the security issue, which allows an attacker to “run arbitrary code in the context of the current user by failing to properly handle objects in memory”, as detailed in the Common Vulnerabilities and Exposures database.
The bad actors exploit Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 using maliciously crafted RTF documents.