Home Latest Cyber Security News | Network Security Hacking Konni RAT Malware Campaign Spreads Via Malicious Word Files
Latest Cyber Security News | Network Security HackingNews

Konni RAT Malware Campaign Spreads Via Malicious Word Files

by Abeerah Hashim
written by Abeerah Hashim
Konni RAT malware targets Windows via malicious Word files

Researchers caught a new campaign from the notorious Konni RAT malware exploiting malicious Word files. The threat actors distribute the malware via malicious macros embedded in Word files that infect the target systems.

Konni RAT Malware Exploiting Word Docs

According to a recent blog post from FortiGuard Labs, their researchers detected active campaigns of the Konni RAT malware in the wild.

As explained, the threat actors behind the malware exploit Microsoft Word documents to spread the malware. The attackers send Word files with malicious macros to the target Windows users, which infects the systems.

Regarding the malware, Konni RAT is a known threat that previously made it to the news for targeting Russia and North Korea. It’s a potent remote access trojan that exhibits various malicious capabilities, such as stealing credentials, executing commands with elevated privileges, and uploading and downloading files to the target devices.

In a recent campaign, the researchers found the attack was initiated when a victim received a maliciously crafted Word document. This document tricks users into opening it by impersonating legitimate attachments, such as invoices or contracts. When clicked, the Word document asks the user to enable content, which executes a VBA script that further downloads malicious batch script.

This script validates the system information, particularly for Windows, and then performs the relevant actions to remain hidden, including UAC bypass and gaining access to elevated privileges.

Once established on the target systems, the malware gains persistence and extracts data, transmitting it to the C&C server. Besides, it receives commands from the C&C and executes payloads as instructed.

The researchers have shared a detailed analysis of this attack in their post.

While the malware seems dangerous, users can protect their systems from this attack by securing their devices with robust anti-malware solutions. Since the threat has been around for years, most antimalware software can potentially detect and block this threat before execution. Besides, users must practice caution when interacting with attachments from unsolicited sources.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...