Security researchers at Fortinet’s FortiGuard Labs have uncovered a sophisticated phishing campaign that uses weaponized Microsoft Word documents to deliver information-stealing malware to unsuspecting Windows users. The attack exploits a well-known vulnerability to deploy FormBook, a dangerous malware variant designed to harvest sensitive user credentials and data. The company’s security solutions can detect malicious Word documents and the FormBook payload.

Upon opening these documents, users unwittingly trigger an exploit targeting the CVE-2017-11882 vulnerability, a 17-year-old security flaw in Microsoft Office’s Equation Editor component. “This vulnerability allows attackers to execute remote code on a vulnerable machine even without user interaction after a malicious document is opened,” explained security researchers at Trend Micro in their analysis of similar attacks. When the malicious Word document is opened, it immediately extracts a disguised DLL file into the system’s temporary folder while simultaneously exploiting the Equation Editor vulnerability to execute the extracted file.

In January 2018, Rhino Labs discovered attackers using Microsoft Word’s subDoc feature to steal Windows NTLM password hashes, enabling them to crack passwords and gain unauthorized network access. Even more concerning, in March 2025, researchers identified a zero-day vulnerability affecting all major Windows versions that allows hackers to steal passwords without any user interaction beyond simply viewing a malicious file in Windows Explorer. Security experts have recently uncovered “CarnavalHeist,” another malware variant targeting users through weaponized Word documents. According to Cisco Talos researchers, this malware specifically targets Brazilians, using Portuguese-language phishing lures to trick users into opening malicious attachments.

To protect themselves, users should exercise caution with email attachments, keep software updated with security patches, and implement multi-layered security solutions that can detect and block such threats before they compromise systems and steal valuable credentials.
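For defenders, the behaviour described above (a DLL dropped into the temporary folder and then run through the Equation Editor exploit) can be hunted in process-creation telemetry, because EQNEDT32.EXE has no normal reason to start other programs. The following is an added example, not code from the article or from any vendor named in it; the event field names, the sample records and the use of rundll32.exe as the loader are constructed assumptions, since the article does not say how the DLL is executed.

```python
import ntpath
import re

# Matches a DLL path under a user or system Temp directory.
TEMP_DLL = re.compile(r'\\(?:AppData\\Local\\Temp|Windows\\Temp)\\[^"\s]*\.dll', re.I)

# Constructed sample records (hypothetical field names, e.g. mapped from
# process-creation logging); none of these values come from the campaign.
SAMPLE_EVENTS = [
    # 0: normal start of the Equation Editor as a COM server
    {"parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE",
     "cmdline": "EQNEDT32.EXE -Embedding"},
    # 1: Equation Editor launching a loader for a DLL in Temp
    {"parent": r"C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\sample.dll,EntryPoint"},
    # 2: benign Word child process used for printing
    {"parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "cmdline": "splwow64.exe 12288"},
    # 3: Equation Editor spawning some other child
    {"parent": r"C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c echo test"},
]

def detect(events):
    """Return (index, severity, reason) for each suspicious process creation."""
    findings = []
    for i, ev in enumerate(events):
        # Only children of the Equation Editor are of interest here.
        if ntpath.basename(ev["parent"]).lower() != "eqnedt32.exe":
            continue
        child = ntpath.basename(ev["image"])
        if TEMP_DLL.search(ev["cmdline"]):
            findings.append((i, "critical",
                             f"Equation Editor started {child} with a DLL from Temp"))
        else:
            findings.append((i, "high", f"Equation Editor spawned {child}"))
    return findings

if __name__ == "__main__":
    for index, severity, reason in detect(SAMPLE_EVENTS):
        print(f"event {index}: [{severity}] {reason}")
```
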
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 23 Apr 2025 10:35:08 +0000