Solarquest

In late October, security researchers from Cymulate showed a proof of concept (PoC) exploiting a logic bug that could allow hackers to abuse the online video feature in Microsoft Office to deliver malware. We indeed identified an in-the-wild sample (detected by Trend Micro as TROJ_EXPLOIT.AOOCAI) in VirusTotal, using this method to deliver the URSNIF information stealer (TSPY_URSNIF.OIBEAO).

What is the malware’s infection vector?
...
...

VT 3/60
VirusTotal

VT Ursnif 42/65
VirusTotal