Skip to content Skip to sidebar Skip to footer

New Microsoft Component Vulnerabilities Used To Distribute Zyklon Malware That Creating Backdoor !

New Microsoft Office Vulnerabilities Used to Distribute Zyklon Malware that Creating Backdoor !

In Past Days,patched critical Microsoft business office vulnerabilities are used for distributing powerful Zyklon Malware that has simply about sophisticated functionalities such equally creating a backdoor inwards victims machine.

Zyklon Malware has widely spread across the the world since 2016 too its mainly targeting Telecommunications, Insurance, Financial Services.

Zyklon Malware Http beingness advertised inwards a pop cloak-and-dagger marketplace alongside next Prices.

Normal build: $75 (USD)
Tor-enabled build: $125 (USD)
Rebuild/Updates: $15 (USD)
Payment Method: Bitcoin (BTC)
This malware downloads several plugins inwards a browser that volition live on later on performing cryptocurrency mining too password recovery.

A Backdoor that creates past times Zyklon Malware has capable of keylogging, password harvesting, downloading too executing additional plugins, conducting distributed denial-of-service (DDoS) attacks, too self-updating too self-removal.

How does Microsoft Office Vulnerabilities Exploited
Zyklon malware initially delivering through malicious spam emails that comprise attached Zip file that has embedded malicious DOC file.

Once victims click the email, malware exploits iii known Microsoft business office vulnerabilities too PowerShell payload takes over the victims computer.
Later PowerShell script volition communicate alongside Command & Control server too download the concluding payload too execute it inwards a victims machine.

All these vulnerabilities are using same domain is used to download the adjacent grade payload using simply about other PowerShell script too it is responsible for resolving the APIs required for code injection.
It too contains the injectable shellcode. The APIs comprise VirtualAlloc(), memset(), too CreateThread(). Figure ix shows the decoded Base64 code.

The malware may communicate alongside its command too command (C2) server over The Onion Router (Tor) network too the malware sends a POST asking to the C2 server.

This Malware performing additional capabilities such as  Browser Password Recovery, FTP Password Recovery, Gaming Software Key Recovery, Email Password Recovery, License Key Recovery.