Monday, December 30, 2024

Check Before Opening Encrypted Microsoft Word Documents Emailed to You

Threat intelligence analysts have now reported a surge in the activity of the Paper Werewolf cluster, also known as GOFFEE, which uses infected Microsoft Windows Word documents to launch mostly espionage-driven, credential-compromising attacks.

Like so many other attack campaigns, Paper Werewolf uses phishing emails and brand impersonation to distribute its malicious payload. These messages contain an encrypted Microsoft Word document that prompts the recipient to enable macros in order to read it. If they do this, then the content of the document is decrypted, and the malicious program is installed on their device. The threat intelligence analysts said that, in some instances, they observed the use of PowerRAT, a remote access trojan, enabling the attackers to execute commands and carry out reconnaissance. more