A security company has found Australians were specifically targeted with malware that exploits a bug in Microsoft Word to steal users’ banking details.
Last week, multiple tech security researchers found a bug called Dridex in Microsoft Word. The flaw allowed malicious Word files to contain code that would download malware while popping up a fake document to the user. The malware can then record user activities, in order to steal banking data.
While Microsoft urgently developed an update to close the loophole, the patch was not released until late Tuesday Australian time. And already on Tuesday morning, emails that contained malicious Word docs were sent out to Australians, according to Proofpoint.
The emails typically pretended to be from a printer or scanner at the recipient’s company with the subject line “Scan data” – and had the malware document attached with names similar to “Scan_123456.doc”. It would rely on users thinking that it was a legitimate paper document that had been digitised, to entice them to open it.
Proofpoint threat research vice president Bryan Burns said that Australians were specifically targeted to exploit the time zone and maximise the exposure period.
“They wanted to take advantage of the small window before it was patched. Sending it to Australian organisations early on Tuesday morning Australian time/late Tuesday US time provided a longer window of possible exposure.”
Unfortunately, turning off macros does not protect against this attack, as it uses a logical bug in Microsoft Office. The only solution is to download the security patch released overnight by Microsoft.