CVE-2017-8570 and CVE-2018-0802 exploits being used to spread LokiBot

Zscaler ThreatLabZ has been tracking the use of malicious RTF documents that leverage exploits for CVE-2017-8570 and, more recently, CVE-2018-0802 to install a malicious payload on the victim machine. In this blog, we'll share our analysis of a campaign leveraging these two exploits to deliver LokiBot. These malicious documents spread by ...

CVE-2017-11882 serving RAT and encrypted phishing campaign

Malicious documents remain one of the most popular vectors for cybercriminals to deliver malware payloads on a user's system. While we continue to see many types of VBA macro-based malware, there has been an increasing trend in malicious documents using the DDE protocol for delivering malware executables, which we ...

Microsoft DDE protocol based malware attacks

Over the past few weeks, there have been several reports about the Microsoft Dynamic Data Exchange (DDE) vulnerability. To no one's surprise, hackers have been quick to exploit this vulnerability to spread malware through rigged Microsoft Word documents. In this same timeframe, the Zscaler ThreatLabZ team has seen a ...