Millions of email users have been attacked by a new cybercrime campaign aiming to exploit a vulnerability in Microsoft Office. The backdoor was discovered by McAfee last week and according to new research from security firm FireEye, criminals ae already trying to take advantage.

FireEye first identified the vulnerability last month, it claims, where Russian hackers were aiming to use it to steal credentials. Earlier this week, though, a large email campaign was undertaken by cybercriminals to attack banking users in Australia.

The email was designed to imitate one that may have come from a printer or scanner. An attachment in the mail, once opened, infected the target with the well-known Dridex malware. The virus then got to work stealing credentials, banking logins and passwords.

“Following a disclosure of specifics related to the zero-day on 7th April 2017, the vulnerability was used in DRIDEX spam campaigns, which continue as of the publication of this blog,” writes FireEye.

“We cannot confirm the mechanism through which the actors obtained the exploit. These actors may have leveraged knowledge of the vulnerability gained through the disclosure, or been given access to it when it became clear that patching was imminent.”

McAfee Labs Vice President Vincent Weafer told CyberScoop that it had not published any technical information and called the blog a report of “in-the-wild” attacks, not a vulnerability disclosure.

by Alex Hamilton
Alex is Senior Reporter at IBS Intelligence, follow him on Twitter or contact him at: