Security researchers noticed multiple cybercriminal operations using OpenDocument Text (ODT) files to distribute malware that is typically blocked by antivirus engines. The campaigns target English and Arabic-speaking users.
ODT files are archives that can hold text, images, and objects, such as XML-based files that can be opened by Microsoft Office and similar, open-source software (
LibreOffice,
OpenOffice).
Two RATs and an info-stealer
Some antivirus engines treat ODT files as standard archives and do not open the document as a Microsoft Office file, allowing malware to be downloaded on the target host.
In one of the campaigns targeting Microsoft Office users, the cybercriminals embedded an OLE (Object Linking and Embedding) in ODT documents to download the well-known remote access trojans (RATs).
... ...
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
