silversurfer
According to Securonix researchers, the cybersecurity firm published new research into the malware, saying that the latest Kronos variant, also known as Osiris, was discovered in July this year.
Three distinct, separate campaigns are already underway in Germany, Japan, and Poland which utilize the Trojan.
The primary infection vector is phishing campaigns and fraudulent emails, as well as exploit kits such as RIG. The malicious emails contain crafted Microsoft Word documents or RTF attachments with macros that drop and execute obfuscated VB stagers.
The documents exploit CVE-2017-11882, a buffer overflow vulnerability in the Microsoft Office Equation Editor Component which was discovered back in 2017. If a target system has not been patched, the bug permits the execution of arbitrary code.