Security News > 2022 > June > Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware

A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady.

"The malware is notable for the unusual way it is delivered to target PCs - using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up.

SVCReady is said to be in its early stage of development, with the authors iteratively updating the malware several times last month.

Where this campaign stands apart is that instead of employing PowerShell or MSHTA to retrieve next-stage executables from a remote server, the macro runs shellcode stored in the document properties, which subsequently drops the SVCReady malware.

HP said it identified overlaps between the file names of the lure documents and the images contained in the files used to distribute SVCReady and those employed by another group called TA551, but it's not immediately clear if the same threat actor is behind the latest campaign.

"However, our findings show that similar templates and potentially document builders are being used by the actors behind the TA551 and SVCReady campaigns."

News URL

https://thehackernews.com/2022/06/researchers-warn-of-spam-campaign.html