A POTENTIALLY dangerous new spyware campaign has been targeting Microsoft victims around the globe.
On Wednesday, the tech giant claimed that an Austrian company is posing as a risk analysis and business intelligence service provider.
1
In fact, the company is a spyware developer that created a malware called Subzero, per Tech Radar.
“The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center found a private-sector offensive actor (PSOA) using multiple Windows and Adobe 0-day exploits,” the software giant said in a blog post.
“The PSOA, which MSTIC tracks as KNOTWEED, developed malware called Subzero which was used in these attacks,” Microsoft added.
Microsoft noted that the malware has been actively used in targeted attacks against both Microsoft and Adobe customers.
What is Malware?
The term malware is short for malicious software, and it describes a range of programs like viruses, trojans, and worms.
These programs are created and used by cyber-criminals to destroy or allow hackers to access, other people’s computers or services.
Many types of malware utilize ‘0-day’ exploits, which are vulnerabilities that have not yet been patched or fixed by software developers.
Most read in Tech
How does Subzero work?
Subzero is a 0-day malware that can offer threat actors remote code execution capabilities to take over victims’ devices.
Microsoft observed that some victims had their emails accessed, while others were getting their files publicly exposed.
“The exploits were packaged into a PDF document that was sent to the victim via email,” the company noted.
How can I protect myself?
Microsoft said it will continue to monitor KNOTWEED and Subzero activity and implement protections for customers.
Until then, users are advised to check and update their software versions, immediately.
They should confirm that Microsoft Defender Antivirus is updated to ‘security intelligence 1.371.503.0’ or later.
Furthermore, people should change Excel macro security settings to control which macros run and under what circumstances when they open a workbook.
Running Antimalware Scan Interface (AMSI) is also recommended.
