Hackers targeting Arabic-speaking countries with malicious Microsoft Office documents
Security researchers with Cisco's Talos Security Intelligence and Research Group discovered a new type of malware, which is able to attack a victim's devices through malicious Microsoft Office documents.
"We don't know why specifically these countries; the attackers simply hardcoded these countries in the malware. The attackers had complete control of the compromised systems. The purpose of the campaigns was cyber espionage," Rascagneres said.
"Everything starts with a malicious document using a well-known vulnerability to download a malicious document hosted on the internet. For this campaign, the attacker chose to use a cloud provider with a good reputation to avoid URL blacklisting. The malware is divided into a couple of layers - each layer downloads a new payload on a cloud provider to get the final RAT developed in Python and that uses additional providers such as Twitter and ImgBB," Talos researchers wrote in their blog post.
How to protect yourself from a RAT
Attackers are able to lure their victims into opening the documents by labelling them "Urgent.docx" or "Fb.docx", as well as with other strange image files.
"Concerning the campaign, everything starts with a malicious Office document. We recommend not opening documents from unknown senders. Additionally, users should be careful when Office asks to enable macros. We recommend not enabling them, and we recommend that companies enforce this policy. Endpoint protection is also important for detection of these campaigns," Rascagneres added.