Since the discovery in September, FortiGuard Labs has blocked the malware, offering antivirus signatures and intrusion prevention system (IPS) rules for protection, the researchers added.
Attacks use old MS Word bugs
According to the researchers, the campaign used two Microsoft Office flaws, discovered and patched in 2017, that allow remote code execution on targeted systems.
CVE-2017-0199 affects Microsoft Office and Windows, allowing remote code execution through maliciously crafted RTF files, often delivered via phishing emails. Once opened, the files can download and run an HTA payload to compromise the system. With a CVSS score of 7.8, it poses a significant risk, requiring minimal user interaction for exploitation.