New Malware Strain ‘SVCReady’ Loads from Word Documents
Security researchers discovered a new malware loader dubbed ‘SVCReady’ in recent phishing attacks. The malware infects devices in an atypical way: it loads from the properties of Word documents.
SVCReady stores shellcode in the properties of malicious Word documents and executes it through VBA macro code. Threat actors usually deploy infected Word documents as email attachments.
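A defender's triage check for the technique described above, as an added example that is not from the original article or the researchers: it flags long hex-like or whitespace-free values in a document's property parts and reports whether a VBA project is present. It assumes an OOXML (.docx/.docm) container (a legacy .doc would need an OLE parser instead); the thresholds and the names `scan_properties` and `build_sample` are hypothetical, and the sample document is constructed with inert filler.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Assumed triage thresholds (not from the article): ordinary metadata such as
# author or title is short natural language, so long hex-like or
# whitespace-free values deserve an analyst's look.
MAX_LEN = 256
MAX_PART_BYTES = 1_000_000
HEX = set("0123456789abcdefABCDEF")

def scan_properties(data):
    """Return (has_macros, findings) for an OOXML Word file given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        has_macros = any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        for info in z.infolist():
            if not info.filename.startswith("docProps/") or not info.filename.endswith(".xml"):
                continue
            if info.file_size > MAX_PART_BYTES:  # cap size before reading the part
                findings.append((info.filename, None, info.file_size, "oversized part"))
                continue
            raw = z.read(info)
            if b"<!DOCTYPE" in raw:  # property parts carry no DTD; do not parse it
                findings.append((info.filename, None, len(raw), "unexpected DTD"))
                continue
            for parent in ET.fromstring(raw).iter():
                for child in parent:
                    text = (child.text or "").strip()
                    hexish = sum(c in HEX for c in text) > 0.9 * len(text)
                    if len(text) > MAX_LEN and (hexish or not any(map(str.isspace, text))):
                        # Custom properties keep their name on the parent element.
                        name = parent.get("name") or child.tag.rsplit("}", 1)[-1]
                        reason = "hex-like" if hexish else "no whitespace"
                        findings.append((info.filename, name, len(text), reason))
    return has_macros, findings

def build_sample():
    """Constructed sample: inert filler in a custom property, placeholder namespaces."""
    core = ('<cp:coreProperties xmlns:cp="urn:example:cp" xmlns:dc="urn:example:dc">'
            '<dc:creator>Jane Doe</dc:creator></cp:coreProperties>')
    custom = ('<Properties xmlns="urn:example:custom" xmlns:vt="urn:example:vt">'
              '<property name="cfg"><vt:lpwstr>' + "ab" * 400 + '</vt:lpwstr></property></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/custom.xml", custom)
        z.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()
```

A finding together with `has_macros` being true is a reason to send the attachment for deeper analysis, not a verdict on its own.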
Researchers believe the malware has been around since April and noticed an influx of updates from its developers in May. This led them to believe that, although SVCReady is still in its early days, it’s likely under heavy development.
Despite the malware’s purported infancy, it boasts several features, including encrypted C2 communications, persistence, data exfiltration, and detection evasion.