According to Securonix researchers, the cybersecurity firm
published new research into the malware, saying that the latest Kronos variant, also known as Osiris, was discovered in July this year.
Three distinct, separate campaigns are already underway in Germany, Japan, and Poland which utilize the Trojan.
The primary infection vector is phishing campaigns and fraudulent emails, as well as exploit kits such as RIG. The malicious emails contain crafted Microsoft Word documents or RTF attachments with macros that drop and execute obfuscated VB stagers.
The documents exploit
CVE-2017-11882, a buffer flow vulnerability in the Microsoft Office Equation Editor Component which was discovered back in 2017. If a target system has not been patched, the bug permits the execution of arbitrary code.
