Security News > 2022 > March > Hackers exploit new WPS Office flaw to breach betting firms

Hackers exploit new WPS Office flaw to breach betting firms
2022-03-23 16:10

An unknown Chinese-speaking threat actor has been targeting betting companies in Taiwan, Hong Kong, and the Philippines, leveraging a vulnerability in WPS Office to plant a backdoor on the targeted systems.

The first infection vector used in this campaign is an email with a laced installer that pretends to be a critical WPS Office update, but in most attacks, the threat actors use a different method.

The second infection vector, which is predominately used in this campaign, is leveraging CVE-2022-24934, a vulnerability in the WPS Office updater utility.

WPS Office is a cross-platform office suite with over 1.2 billion installations.

"To exploit the vulnerability, a registry key under HKEY CURRENT USER needs to be modified, and by doing this an attacker gains persistence on the system and control over the update process," explains Avast in its technical report.

Considering the nature of the targets, which is betting companies, the goal of the threat actors may have been to steal financial details or take over accounts and cash out escrow balances.


News URL

https://www.bleepingcomputer.com/news/security/hackers-exploit-new-wps-office-flaw-to-breach-betting-firms/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2022-24934 Unspecified vulnerability in WPS Office
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
network
low complexity
wps
critical
 9.8
9.8