A virus hidden inside a Microsoft Word file is infecting thousands of devices. Here's how it operates and some tips to defend yourself
FortiGuard Labs - a company specializing in computer security - warns that a dangerous Microsoft Word document is being used these days to compromise popular operating systems - Windows and macOS - by exploiting the macro function to download malware onto targeted computers.
This is not the first time cyber criminals have resorted to the macro function integrated in Microsoft's Office suite to infect operating systems, and it seems that this new wave of attacks is based on a similar approach, namely exploiting code written in VBA (Visual Basic for Applications) to distribute malware. What's new is that this Word document is being used to attack both Windows and macOS: researchers have noticed that, depending on the type of operating system, the script uses a different strategy to find the most suitable way to successfully infect the victim's computer.
How does it work?
FortiGuard experts explain that once the script developed in Python (a high-level programming language) contained in the macro is executed, the document attempts to download a file from a link - which they preferred not to specify - and then run it locally on the computer. The script attempts to connect to the host on port 443, but at the time of the test performed by FortiGuard, the server was "down" and was unable to respond to the client's requests. Of course, this does not mean that systems cannot be compromised, as the process triggered by Python remains active on the system, continuing to try to connect in the background until the host responds.
How to defend yourself?
The easiest way to protect yourself from this new wave of attacks is to avoid Word documents from untrusted sources. If you happen to open one of these documents, make sure that you do not run its macros; otherwise, you start the whole process that eventually leads to infection on both Windows and macOS systems. The good news is that leading antivirus manufacturers are already updating their software to detect these malicious documents, reported as WM/Agent.7F67!tr malware. So hurry up and update your security programs, especially if you work a lot with Office documents.