"Malicious Microsoft Office Docs Drop LokiBot Malware"
FortiGuard Labs identified several malicious Microsoft Office documents that, when executed, launch the LokiBot malware on a victim's computer. According to FortiGuard Labs, the malicious Microsoft Office documents exploited the CVE-2021-40444 (CVSS 7.8) and CVE-2022-30190 (CVSS 7.8) Remote Code Execution (RCE) vulnerabilities. Patches for both vulnerabilities have been available for well over a year. LokiBot, also known as Loki PWS, has been an active information-stealing trojan since 2015, according to the researchers. LokiBot targets Windows systems primarily and collects sensitive data from infected devices. It takes advantage of multiple vulnerabilities and Visual Basic for Applications (VBA) macros to initiate attacks. Additionally, it uses a Visual Basic injector to avoid detection or analysis. Using the injector, it can circumvent certain security measures and pose a serious threat to users. This article continues to discuss malicious actors using Microsoft Office documents to exploit known RCE vulnerabilities.
SC Magazine reports "Malicious Microsoft Office Docs Drop LokiBot Malware"