Spyware is malicious software engineered to covertly monitor and gather information from a user’s computer without their awareness or consent. It can record activities like keystrokes, browsing behavior, and personal information, often transmitting this data to a third party for espionage or theft.
Researchers at FortiGuard Labs recently detected an attack exploiting the CVE-2021-40444 vulnerability in Microsoft Office. This flaw allows attackers to execute malicious code via specially crafted documents. In this instance, the exploitation led to the deployment of a spyware payload known as “MerkSpy.” MerkSpy is designed to clandestinely monitor user activities, capture sensitive information, and establish persistence on compromised systems. The below report dissects the stages of this complex attack, offering insights into the techniques used by cybercriminals to infiltrate systems and steal sensitive data.[1]
Link to full report: IR-24-182-001_MerkSpy.pdf
[1] https://www.fortinet.com/blog/threat-research/merkspy-exploiting-cve-2021-40444-to-infiltrate-systems?lctg=141970831
Comments