Fortinet researchers recently found some malicious Microsoft Office documents that attempted to leverage legitimate websites, MediaFire and Blogger, to execute a shell script and then dropped two malware variants of Agent Tesla and njRat. Agent Tesla is a well-known spyware, first discovered in 2014, which can steal personal data from web browsers, mail clients, and FTP servers, collect screenshots and videos, and capture clipboard data. njRat (also known as Bladabindi) is a remote agent Trojan first discovered in 2013 that is capable of remotely controlling a victim’s device to log keystrokes, access the camera, steal credentials stored in browsers, upload/download files, manipulate the registry, and more.
Affected platforms: Microsoft Windows
Impacted parties: Windows users
Impact: Control and collect sensitive information from a victim’s device
Severity level: Critical
The Fortinet researcher report will provide details of the documents we discovered, their embedded scripts used to deliver a payload, and the behavior of these malware variants.
Kink to full report: IR-22-278-001_MS365Attacks.pdf
Comments