AKBuilder: A builder for exploit-laden Word documents

Wingman

Feb 6, 2017
...
According to SophosLabs principal researcher Gábor Szappanos, two versions of the builder have, at one time or another, found their way to the market.

Sold for $550 (or thereabouts), the builder – which comes in the form of a Python script – requires users to simply enter the name of the payload file, that of the decoy document, and the name of the generated exploit document.

The first version of the builder (AK-1) exploits the CVE-2012-0158 and CVE-2014-1761 vulnerabilities, and was active from mid-2015 to mid-2016. The second one (AK-2) exploits CVE-2015-1641, and took over where AK-1 left off.
 
