Malware

SmokeLoader Malware Abusing MS Office Document and Compromise Windows 8 ,10 Users PC

A dangerous malicious campaign SmokeLoader Malware abusing MS office document that spreading via spam Email and targetting windows 8 and above users.

Email medium is mainly used by attackers nowadays which carried out a variety of malware campaign and spreading across the world to infect a large number of users.

SmokeLoader Malware has acted and taken advantage of the infamous bug Meltdown and Spectre which affects almost all the modern processors and pushes Smoke Loader malware as a patch.

In this case, attackers using a different kind of  Email body content to gain more trust from the targeting users and compromise them to believe it as a legitimate one.

Also, attacker injecting shellcode into office document and compromise users to enable the macro which leads to install the malicious code on the victim’s machine.

Also Read: Hacking Group Spies on and Steal Data from Android Users Posing Actress Nude Photos

How does this Smokeloader Malware infect the users

Initially, attacker distributing Spam Email campaign that contains an information about job applications which is not actually a legitimate content.

The Mail also contains an attached zip file which is protected by a password and the password is clearly mentioned within the body of the Mail.

In this case, attacker protects an attached file with a password to evade the email security software.

Once the user opens the attachment, it promotes to enter the password which is given in the body of the email.

After users enter the password, a malicious word document will be downloaded which contains a Malicious macro code and the document keep asking users to enable the Macro to infect the user.

Once the user enabled the macro, suddenly a PowerShell” script will be executed in the background and it will launch a payload.

According to QuickHeal, If we look closely, the malicious file is hosted as a poop.jpg file on the attacker’s server, which is actually an executable SmokeLoader malware. This file is dropped with the name DKSPKD.exe at %Temp% location and launched to perform malicious activities.

How to protect:

To Top

Pin It on Pinterest

Share This