Subj : Watch out - hackers are hiding malicious Microsoft Word files in
To   : All
From : TechnologyDaily
Date : Tue Aug 29 2023 16:30:04

Watch out - hackers are hiding malicious Microsoft Word files in PDFs

Date: Tue, 29 Aug 2023 15:15:14 +0000
Description: Threat actors are abusing polyglots to deliver malware, Japanese researchers warn.

FULL STORY
======================================================================

Hackers are using polyglots to try to get their targets to install malware on their devices, experts have warned.

Research from the Japanese computer emergency response team (JPCERT) has revealed that hackers are distributing a file that can be read as either a .PDF file or a .DOCX file. Polyglots are files that are valid in two different formats at once, and as such can carry two different extensions.

Running macros

The file in question, a .PDF document, hosts a Word document that carries a VBS macro. If the victim opens the file with Microsoft Word, the file will download and install MSI malware.

The silver lining here is that macros are still disabled by default in Microsoft Office programs. That means that even if the victim downloads and runs the malicious file, they still need to manually disable these protections and unblock the file in order to have the macro download the malware and infect the endpoint.

The Japanese researchers did not say who was behind the campaign, or which malware was being distributed. They did say that the attack was first detected in July this year, and that it managed to successfully bypass antivirus detection in at least one instance. This is probably because most scanning engines see the file as a .PDF, despite it being opened as a regular Word document, the researchers speculate.
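
The mismatch described above, where a scanner classifies the file by its PDF header while Word finds a document inside it, can be checked for directly. The Python below is an added example, not code from JPCERT or from the article; it goes beyond the reported file to cover three Word-readable containers (OOXML/ZIP, OLE2, MHTML), and the function names and the inert sample input are constructed for illustration.

```python
import io
import zipfile

# Well-known format signatures (assumed here, not taken from the article).
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc compound file

def starts_as_pdf(data: bytes) -> bool:
    # Common PDF readers accept the header anywhere in the first 1024 bytes.
    return b"%PDF-" in data[:1024]

def word_content(data: bytes) -> list:
    """Label Word-readable content found anywhere in the bytes."""
    found = []
    try:
        # ZIP is located from its trailer, so it parses even behind a PDF header.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(name.startswith("word/") for name in zf.namelist()):
                found.append("ooxml")
    except (zipfile.BadZipFile, OSError):
        pass
    if OLE2_MAGIC in data:
        found.append("ole2")
    if b"MIME-Version:" in data and b"multipart/related" in data:
        found.append("mhtml")
    return found

def is_pdf_word_polyglot(data: bytes) -> bool:
    # A hit is a triage signal for closer inspection, not a verdict.
    return starts_as_pdf(data) and bool(word_content(data))

def constructed_sample() -> bytes:
    """Inert test input: a PDF header stub followed by an empty OOXML-style ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
    return b"%PDF-1.7\n%%EOF\n" + buf.getvalue()

if __name__ == "__main__":
    sample = constructed_sample()
    print("pdf header:", starts_as_pdf(sample))
    print("word content:", word_content(sample))
    print("polyglot:", is_pdf_word_polyglot(sample))
```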

The abuse of polyglot files to work around antivirus programs is nothing new and has been well documented before, BleepingComputer reminds, but adds that the researchers see this specific technique as novel.

Last year, Microsoft finally decided to block macros from running by default within Office files, due to the overwhelming abuse of the feature by various threat actors. Instead, only files that weren't downloaded from the wider internet can have macros enabled without needing to go through multiple activation steps.

Via: BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/watch-out-hackers-are-hiding-malicious-word-files-in-pdfs

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)