
Zyklon malware returns to target fresh Office vulnerabilities


Experts have warned that devices running unpatched versions of the Microsoft Office suite are at risk of having their passwords stolen and having their data compromised.

According to security researchers at FireEye, the Zyklon malware, first spotted in 2016, has resurfaced to target a recently discovered vulnerability in Office.

Through Zyklon, cyberattackers can harvest passwords, or use the infected machine for DDoS attacks.

"The malware can download several plugins, some of which include features such as crypto-currency mining and password recovery, from browsers and email software," warned FireEye security researchers Swapnil Patil and Yogesh Londhe in an online advisory detailing the many dangers posed by Zyklon.

This time around, however, Zyklon is targeting businesses, including financial institutions, insurance and telecom companies.

The malware leverages the Office vulnerability CVE-2017-11882, infecting a system through malicious email attachments. When the attachment is opened, a further file is downloaded via an embedded OLE (Object Linking and Embedding) object; this contains a PowerShell command that finally downloads the malware.
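The chain described above ends with an Office document causing PowerShell to run, which is a pattern defenders can look for in process-creation telemetry regardless of the specific exploit used. The following is an added detection example written for this article, not code from FireEye or from the researchers quoted here; the log format, file paths and sample events are constructed for illustration, and the lists of Office applications and script hosts are assumptions a real deployment would tune.

```python
# Added example (not from the article): flag process-creation events where an
# Office application is the parent of a script host such as PowerShell, the
# behaviour behind the document-to-PowerShell chain described above.
# The '|'-separated key=value log format and all sample values are constructed.
from dataclasses import dataclass
import ntpath

# Assumed lists; a real deployment would tune these to its environment.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe"}


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, so matching ignores install dirs."""
    return ntpath.basename(path).lower()


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed 'Key=Value|Key=Value' process-creation record."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    return ProcessEvent(
        parent_image=fields["ParentImage"],
        image=fields["Image"],
        command_line=fields.get("CommandLine", ""),
    )


def is_office_to_script_host(ev: ProcessEvent) -> bool:
    """True when an Office app directly spawns a script host."""
    return basename(ev.parent_image) in OFFICE_APPS and basename(ev.image) in SCRIPT_HOSTS


def find_suspicious(lines: list[str]) -> list[ProcessEvent]:
    """Return the events that match the Office -> script host pattern."""
    return [ev for ev in map(parse_event, lines) if is_office_to_script_host(ev)]


# Constructed sample telemetry: one benign Office launch, one Office-spawned
# PowerShell (the pattern to flag), and one PowerShell started by a user shell.
SAMPLE_LOG = [
    r"ParentImage=C:\Windows\explorer.exe"
    r"|Image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    r"|CommandLine=WINWORD.EXE /n C:\Users\alice\Downloads\invoice.doc",
    r"ParentImage=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
    r"|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|CommandLine=powershell.exe -w hidden -enc <BASE64_PLACEHOLDER>",
    r"ParentImage=C:\Windows\explorer.exe"
    r"|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|CommandLine=powershell.exe Get-Process",
]

if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_LOG):
        print(f"ALERT: {basename(ev.parent_image)} spawned {basename(ev.image)}: {ev.command_line}")
```

Matching on the parent/child relationship rather than on a particular command line keeps the rule useful after the attacker changes the payload; the command line is kept in the alert so an analyst can see what was launched.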

"What stands out the most to me is that the Zyklon malware is being packaged with pricing tiers based on features. We have seen many attacks now leveraging Tor for outbound communication and PowerShell for malware updates," said Morales in emailed remarks sent to eWEEK. Tor is free, open-source software that enables anonymous web communication.

"We have even seen a large influx of crypto-currency mining tools over the last 6 months, in particular within universities," added Morales, before noting that Zyklon gathers multiple malicious software components "into a single package that can be neatly deployed by an end user, just like you would add features to the base price of a car."


Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focused news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.