Malware steals passwords, bank accounts thanks to… MS Word attack
A dangerous type of malware called SVCReady has just been “caught in the act” collecting system information and sending it out.
According to TechRadar, cybersecurity researchers from HP Wolf Security have discovered a new type of malware that is being spread through Microsoft Word files.
Microsoft Word documents are being attacked by hackers.
The malware, called SVCReady, allows bad actors to steal system information, such as device firmware, and can be installed on terminals, the report said. It is being deployed alongside another relatively common virus called RedLine Stealer. They are used to steal passwords, saved payment data, browsing history and the like.
Threat actors deliver the malware through malicious Microsoft Word documents, using shellcode stored in the document’s properties. This method is quite different from the usual attacks that rely on PowerShell or MSHTA.
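A defender can triage documents for the property-based storage described above by checking whether any document property holds an unusually long or encoded value. The sketch below is an added example, not code from the article or from HP Wolf Security. It assumes an OOXML container (.docx/.docm), where properties live in `docProps/*.xml`; a legacy .doc file would need an OLE parser instead. The 256-character threshold, the helper names and the sample document are all constructed for illustration.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

PROP_PARTS = ("docProps/core.xml", "docProps/app.xml", "docProps/custom.xml")
MAX_LEN = 256            # assumed threshold: real titles, authors and comments are short
MAX_PART = 1 << 20       # refuse property parts over 1 MiB (decompression-bomb guard)
HEX = re.compile(r"[0-9A-Fa-f]+")
B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def classify(value):
    """Describe why an over-long property value looks like a payload container."""
    if HEX.fullmatch(value):
        return "hex-encoded blob"
    if B64.fullmatch(value):
        return "base64-like blob"
    return "unusually long text"

def suspicious_properties(data):
    """Return (part, property, length, reason) for every over-long property value."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for part in PROP_PARTS:
            if part not in z.namelist() or z.getinfo(part).file_size > MAX_PART:
                continue
            # Untrusted XML: run this inside the analysis sandbox.
            root = ET.fromstring(z.read(part))
            parents = {child: parent for parent in root.iter() for child in parent}
            for el in root.iter():
                text = (el.text or "").strip()
                if len(el) or len(text) < MAX_LEN:
                    continue   # skip container elements and normal-sized values
                # Custom properties carry their name on the parent <property> element.
                name = parents.get(el, el).get("name") or el.tag.rsplit("}", 1)[-1]
                findings.append((part, name, len(text), classify(text)))
    return findings

def build_sample():
    """Constructed test document: benign title plus a hex blob in a custom property."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/"><dc:title>Invoice</dc:title></cp:coreProperties>')
    custom = ('<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/custom-properties" '
              'xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes">'
              '<property name="cfg"><vt:lpwstr>' + "41" * 200 + '</vt:lpwstr></property></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/custom.xml", custom)
    return buf.getvalue()
```

A hit is a reason to inspect the document further, not a verdict: long free-text comments will also be reported, with the reason "unusually long text".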
Although this strain of the virus is still in its infancy, the researchers say it is clear that a whole “malicious construction” is being built.
In its current form, the malware is not too dangerous. However, Patrick Schläpfer, malware analyst at HP Wolf Security, argues that, with the threat actors working hard to develop SVCReady, we cannot underestimate the danger it presents.
“Something in the malware is faulty,” says Schläpfer. “SVCReady is apparently in development, and malicious actors have added encryption to the networked communication format in recent weeks. As malware improves, it is likely to become a bigger problem in the future. We’ve seen some similarities in the file naming conventions, which appear to be linked to those used by the TA551 hacker group, which often attacks victims with the intent of stealing funds.”
This group of hackers hijacks email chains to spread malware downloads. Cybersecurity experts from Intezer discovered that the group is abusing discovered but unpatched vulnerabilities in Microsoft Exchange server systems to steal login information, then replying to users’ emails with links to IcedID (a type of trojan that steals bank accounts).
According to Bach Ngan (Vietnamese people)
at Blogtuan.info – Source: 24h.com.vn