Hackers have launched a new spam campaign, targeting the telecommunications, insurance and financial services industries. The campaign involves hackers using new Microsoft Office vulnerabilities to spread a potent backdoor malware called Zyklon.
According to security researchers at FireEye, Zyklon comes fully loaded with a variety of features — it can steal passwords, has keylogging capabilities and allows hackers to launch DDoS attacks and mine cryptocurrency, among other things.
"Zyklon is a publicly available, full-featured backdoor capable of keylogging, password harvesting, downloading and executing additional plugins, conducting distributed denial-of-service (DDoS) attacks, and self-updating and self-removal," FireEye researchers said in a blog.
"The malware may communicate with its command and control (C2) server over The Onion Router (Tor) network if configured to do so. The malware can download several plugins, some of which include features such as cryptocurrency mining and password recovery, from browsers and email software. Zyklon also provides a very efficient mechanism to monitor the spread and impact," they added.
FireEye researchers also said that the malware "automatically detects and decrypts the license/serial keys of more than 200 popular pieces of software, including Office, SQL Server, Adobe, and Nero". It also lets hackers hijack the clipboard: when a user copies a Bitcoin address, the malware replaces it with a different address controlled by the cybercriminals.
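The clipboard substitution described above is a behaviour a defender can look for on an endpoint. The following is an added Python example, not FireEye's code and not anything taken from the Zyklon sample: it validates Bitcoin addresses with base58check and flags a clipboard write that replaces one valid address with a different valid address within a couple of seconds, the signature of a clipper rather than of a user re-copying. The two addresses and the clipboard events are constructed for the example; the OS clipboard hook that would feed real events, and bech32 (bc1) addresses, are out of scope here.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Assumption: Bitcoin mainnet base58check addresses (P2PKH version 0x00,
# P2SH version 0x05). bech32 "bc1..." addresses are not handled here.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDRESS_RE = re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$")


def b58encode(raw: bytes) -> str:
    """Base58 encode; each leading zero byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n > 0:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(s: str) -> bytes:
    """Inverse of b58encode; raises ValueError on a non-alphabet character."""
    n = 0
    for ch in s:
        n = n * 58 + ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def base58check_encode(version: int, payload: bytes) -> str:
    """version byte + payload + first 4 bytes of double SHA-256."""
    data = bytes([version]) + payload
    checksum = hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    return b58encode(data + checksum)


def is_valid_btc_address(s: str) -> bool:
    """True only if the string is well-formed and its checksum verifies."""
    if not ADDRESS_RE.match(s):
        return False
    try:
        raw = b58decode(s)
    except ValueError:
        return False
    if len(raw) != 25:          # 1 version + 20 hash160 + 4 checksum
        return False
    data, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4] == checksum


@dataclass(frozen=True)
class ClipboardEvent:
    ts: float      # seconds since monitoring started
    text: str      # new clipboard contents
    source: str    # process that wrote the clipboard, as reported by the OS hook


def detect_address_swaps(events: Iterable[ClipboardEvent],
                         window_s: float = 2.0) -> List[Tuple[str, str, str]]:
    """Return (old_address, new_address, writer) for every clipboard write that
    replaces one valid Bitcoin address with a different valid one within
    window_s seconds. A person re-copying an address takes longer than that;
    a clipper rewrites it almost immediately after the user's copy."""
    alerts = []
    prev: Optional[ClipboardEvent] = None
    for ev in events:
        text = ev.text.strip()
        if is_valid_btc_address(text):
            if (prev is not None and text != prev.text.strip()
                    and ev.ts - prev.ts <= window_s):
                alerts.append((prev.text.strip(), text, ev.source))
            prev = ev
        else:
            prev = None     # non-address content resets the comparison
    return alerts


# Constructed addresses: arbitrary 20-byte hash160 values, encoded so that
# both pass checksum validation. They belong to nobody.
VICTIM_ADDR = base58check_encode(0x00, bytes([0x11]) * 20)
ATTACKER_ADDR = base58check_encode(0x00, bytes([0x22]) * 20)

# Constructed clipboard history: a user copies an address from the browser,
# a background process overwrites it 300 ms later, the user copies again much later.
SAMPLE_EVENTS = [
    ClipboardEvent(0.0, "meeting notes", "notepad.exe"),
    ClipboardEvent(10.0, VICTIM_ADDR, "chrome.exe"),
    ClipboardEvent(10.3, ATTACKER_ADDR, "unknown.exe"),   # should be flagged
    ClipboardEvent(60.0, VICTIM_ADDR, "chrome.exe"),      # too slow to be a clipper
]

if __name__ == "__main__":
    for old, new, writer in detect_address_swaps(SAMPLE_EVENTS):
        print(f"clipboard address rewritten by {writer}: {old} -> {new}")
```

The writer process name is the most useful field in the alert: a wallet or browser rewriting its own copy is benign, while an unfamiliar process changing a freshly copied address is worth isolating the host for. The checksum check matters because a clipper only has to substitute an address that a wallet will accept, so a pattern match alone would also fire on junk strings.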
Hackers can reportedly purchase the regular version of the malware for $75 (£54), the Tor-enabled build for $125 and updates for $15, all of which can be paid for in bitcoins, SCMagazine reported.
"Threat actors incorporating recently discovered vulnerabilities in popular software – Microsoft Office, in this case – only increases the potential for successful infections. These types of threats show why it is very important to ensure that all software is fully updated. Additionally, all industries should be on alert, as it is highly likely that the threat actors will eventually move outside the scope of their current targeting," FireEye researchers warned.