Hackers exploit new WPS Office flaw to breach betting firms (Security News, March 2022)
An unknown Chinese-speaking threat actor has been targeting betting companies in Taiwan, Hong Kong, and the Philippines, leveraging a vulnerability in WPS Office to plant a backdoor on the targeted systems.
The first infection vector used in this campaign is an email with a laced installer that pretends to be a critical WPS Office update, but in most attacks, the threat actors use a different method.
The second infection vector, which is predominantly used in this campaign, leverages CVE-2022-24934, a vulnerability in the WPS Office updater utility.
WPS Office is a cross-platform office suite with over 1.2 billion installations.
"To exploit the vulnerability, a registry key under HKEY_CURRENT_USER needs to be modified, and by doing this an attacker gains persistence on the system and control over the update process," explains Avast in its technical report.
Considering that the targets are betting companies, the goal of the threat actors may have been to steal financial details or take over accounts and cash out escrow balances.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-23 | CVE-2022-24934 | Unspecified vulnerability in WPS Office wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. | 9.8 |