Hackers exploit new WPS Office flaw to breach betting firms
An unknown Chinese-speaking threat actor has been targeting betting companies in Taiwan, Hong Kong, and the Philippines, leveraging a vulnerability in WPS Office to plant a backdoor on the targeted systems.
The first infection vector used in this campaign is an email with a laced installer that pretends to be a critical WPS Office update, but in most attacks, the threat actors use a different method.
The second infection vector, which is predominantly used in this campaign, leverages CVE-2022-24934, a vulnerability in the WPS Office updater utility.
WPS Office is a cross-platform office suite with over 1.2 billion installations.
"To exploit the vulnerability, a registry key under HKEY_CURRENT_USER needs to be modified, and by doing this an attacker gains persistence on the system and control over the update process," explains Avast in its technical report.
Given that the targets are betting companies, the goal of the threat actors may have been to steal financial details or take over accounts and cash out escrow balances.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-23 | CVE-2022-24934 | Unspecified vulnerability in WPS Office 10.1.0.7106/10.2.0.5978/5.3.1 wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. | 7.5 |