It’s always important to use care when opening suspicious emails, but right not it’s especially important. That’s because hackers are using vulnerabilities in Microsoft Office to spread malware that can do a ton of damage to your computer and even your finances.
If installed successfully, the malware grants hackers access to your files, your website login credentials, your email accounts, and even your bitcoin wallet. This is bad code you definitely don’t want installed on your machine.
Researchers at FireEye have observed a new campaign attempting to deliver the malware via spam emails to targets in the telecommunications, insurance, and financial services industries, with all of these attacks attempting to exploit recent vulnerabilities uncovered in Microsoft Office software.
The phishing emails are designed to be relevant to the selected target and include a ZIP file containing a malicious lure document, which users are encouraged to open. Once the Microsoft Office document file is accessed, the Office vulnerabilities are exploited and the PowerShell-based payload is run, infecting the victim.