Zyklon malware spreads through flaws in Microsoft Office

Zyklon is a full-featured backdoor that has been in circulation since 2016 and can carry out a range of malicious activities: it can launch denial-of-service attacks, steal saved passwords and other personal data, log keystrokes, and mine cryptocurrency.

Its operators are now distributing it through a spam campaign whose e-mails carry a ZIP attachment. The archive contains a malicious Microsoft Office document; three different document variants have been observed, each built to exploit a different weakness in Office.

Zyklon malware

FireEye researchers, who analysed the campaign, report that it mainly targets telecommunications, insurance and financial services companies, although the spam can land in anyone's inbox.

Vulnerabilities in Microsoft Office

In total, Zyklon's documents exploit three weaknesses in Office. The first is a remote code execution flaw in the .NET Framework: if a malicious document is opened on an unpatched machine, the attacker can run arbitrary code, install programs, view or change data, and create new accounts with full user rights. Microsoft patched this flaw in September 2017, yet many Windows users ignore routine updates and keep running vulnerable software, which is exactly what the attackers count on.

The second document exploits a flaw in Microsoft Equation Editor, a component bundled with Office. When the exploit fires, it runs a PowerShell command that fetches the actual malware. Microsoft patched this flaw in November 2017 as well, so anyone who installs the monthly security updates is protected from this attack. If "patches" are new to you, now is the time to check what you have missed.

The third is not a vulnerability at all in Microsoft's view: Dynamic Data Exchange (DDE) is a legitimate, decades-old protocol for exchanging data between applications. Security researchers have shown, however, that a DDE field embedded in a document can launch an arbitrary command when the document is opened, without any macros and after the user clicks through a couple of generic prompts, which is why they treat it as an attack vector.

Whichever weakness is used, the document's job is the same: it runs a PowerShell script (named Pause.ps1 in this campaign) that downloads the Zyklon payload from a remote server, at which point the machine is infected with this disturbingly-named malware.
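Two of the three techniques above leave static traces in a Word document that can be checked without opening it in Office: a DDE/DDEAUTO field code in word/document.xml, and an embedded Equation Editor (Equation.3) OLE object. The following triage script is an added example written for this page, not code from the article or from FireEye. It handles the .docx (OOXML ZIP) format only, uses just the Python standard library, and builds its own constructed sample documents in memory; the ProgID and CLSID of Equation Editor 3.0 and the Word field syntax are documented Office facts, while the sample field code and the fake OLE blob are made up for the demonstration.

```python
"""Static triage of a .docx for DDE/DDEAUTO field codes and embedded
Equation Editor (Equation.3) objects.

Added example for this page; not code from the article or from FireEye.
The field syntax, ProgID and CLSID are documented Office facts; the sample
documents below are constructed here and are not real malware."""
from __future__ import annotations

import io
import re
import uuid
import zipfile

# Equation Editor 3.0 (EQNEDT32.EXE) registration. The CLSID in an OLE compound
# file's root entry is what Office uses to pick the server, so look for it in
# the raw embedded bytes as well as for the ProgID in the XML.
EQUATION_PROGID = "Equation.3"
EQUATION_CLSID_LE = uuid.UUID("0002CE02-0000-0000-C000-000000000046").bytes_le
EQUATION_STREAM = "Equation Native".encode("utf-16-le")  # stream name in the CFB directory

# A Word field is the <w:instrText> runs between a fldChar "begin" and the next
# "separate"/"end". Attackers split "DDE" + "AUTO" across runs, so join first.
FIELD_RE = re.compile(
    r'<w:fldChar[^>]*w:fldCharType="begin"[^>]*>(.*?)'
    r'<w:fldChar[^>]*w:fldCharType="(?:separate|end)"',
    re.S,
)
INSTR_RE = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.S)
FLDSIMPLE_RE = re.compile(r'<w:fldSimple[^>]*\bw:instr="([^"]*)"')
DDE_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.I)
PROGID_RE = re.compile(r'\bProgID="([^"]*)"', re.I)


def find_dde_fields(document_xml: str) -> list[str]:
    """Return every field code in document.xml that starts a DDE/DDEAUTO link."""
    codes = []
    for seg in FIELD_RE.findall(document_xml):
        codes.append(" ".join("".join(INSTR_RE.findall(seg)).split()))
    for instr in FLDSIMPLE_RE.findall(document_xml):
        codes.append(" ".join(instr.split()))
    return [c for c in codes if DDE_RE.search(c)]


def find_equation_objects(document_xml: str, embeddings: dict[str, bytes]) -> list[str]:
    """Return evidence of an embedded Equation Editor object (ProgID, CLSID, stream name)."""
    evidence = []
    for progid in PROGID_RE.findall(document_xml):
        if progid.lower().startswith(EQUATION_PROGID.lower()):
            evidence.append("OLEObject ProgID=" + progid)
    for name, blob in sorted(embeddings.items()):
        if EQUATION_CLSID_LE in blob:
            evidence.append(name + ": Equation.3 CLSID")
        if EQUATION_STREAM in blob:
            evidence.append(name + ": 'Equation Native' stream")
    return evidence


def triage_docx(data: bytes) -> dict[str, list[str]]:
    """Open a .docx (a ZIP) from bytes and run both checks; nothing is executed."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        doc = z.read("word/document.xml").decode("utf-8", "replace") if "word/document.xml" in names else ""
        embeddings = {n: z.read(n) for n in names if n.startswith("word/embeddings/")}
    return {"dde": find_dde_fields(doc), "equation": find_equation_objects(doc, embeddings)}


def build_docx(body_xml: str, embeddings: dict[str, bytes] | None = None) -> bytes:
    """Build a minimal .docx in memory (only the parts the triage reads)."""
    xmlns = ('xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
             'xmlns:o="urn:schemas-microsoft-com:office:office" '
             'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships"')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", "<w:document " + xmlns + "><w:body>" + body_xml + "</w:body></w:document>")
        for name, blob in (embeddings or {}).items():
            z.writestr(name, blob)
    return buf.getvalue()


# Constructed samples (not real malware). DDE_BODY mimics the split-run DDEAUTO
# trick; EQN_BODY embeds an Equation.3 object whose stand-in OLE blob carries the
# CLSID and stream name (not a valid compound file, just the bytes that matter).
DDE_BODY = r'''<w:p>
<w:r><w:fldChar w:fldCharType="begin"/></w:r>
<w:r><w:instrText xml:space="preserve"> DDE</w:instrText></w:r>
<w:r><w:instrText xml:space="preserve">AUTO c:\\windows\\system32\\cmd.exe "/k powershell -nop -w hidden" </w:instrText></w:r>
<w:r><w:fldChar w:fldCharType="separate"/></w:r>
<w:r><w:t>Error! Unknown field</w:t></w:r>
<w:r><w:fldChar w:fldCharType="end"/></w:r>
</w:p>'''
EQN_BODY = ('<w:p><w:r><w:object><o:OLEObject Type="Embed" ProgID="Equation.3" '
            'ShapeID="_x0000_i1025" DrawAspect="Content" ObjectID="_1590000001" r:id="rId5"/>'
            '</w:object></w:r></w:p>')
CLEAN_BODY = '<w:p><w:fldSimple w:instr=" PAGE \\* MERGEFORMAT "><w:r><w:t>1</w:t></w:r></w:fldSimple></w:p>'
FAKE_OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24 + EQUATION_STREAM + EQUATION_CLSID_LE

SAMPLES = {
    "dde.docx": build_docx(DDE_BODY),
    "equation.docx": build_docx(EQN_BODY, {"word/embeddings/oleObject1.bin": FAKE_OLE}),
    "clean.docx": build_docx(CLEAN_BODY),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, triage_docx(data))
```

This catches the straightforward cases only: heavily obfuscated field codes (for example DDE nested inside a QUOTE field built from character codes) need the runs decoded first, and the RTF files these campaigns often use store objects as inline hex rather than under word/embeddings, so they need an RTF object extractor such as rtfobj from oletools instead of a ZIP reader.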

Protect yourself from Zyklon attacks

Zyklon can do serious damage to a system. It can update and remove itself, so once it has finished its work it can simply delete itself from the machine. It can also install further malicious programs, so once it is inside, it is hard to predict the final outcome: the system may end up infested with cryptominers, rogue applications, keyloggers and other intrusive software. The practical defence is the one the previous sections point to: install Microsoft's monthly security updates promptly, and treat unexpected ZIP attachments containing Office documents with suspicion.

Source: securityweek.com.
