Global Security

Microsoft’s MSHTML issue is used to deliver the MerkSpy spyware

By Admin, July 6, 2024, 3 Mins Read

MerkSpy Spyware Tool

July 3, 2024 | Spyware / Vulnerability


Unknown threat actors have been observed exploiting a now-patched security flaw in Microsoft MSHTML to deliver a surveillance tool called MerkSpy as part of a campaign primarily targeting users in Canada, India, Poland, and the United States.

“MerkSpy is designed to covertly monitor user activity, collect sensitive information, and preserve compromised systems,” Fortinet FortiGuard Labs researcher Kara Lin said in a report published last week.

The starting point of the attack chain is a Microsoft Word document that allegedly contains a job description for a software engineer.


Opening the file triggers exploitation of CVE-2021-40444, a high-severity flaw in MSHTML that can lead to remote code execution without any user interaction beyond opening the document. Microsoft fixed the bug in its Patch Tuesday updates of September 2021.

In this case, the exploit is used to download an HTML file (“olerender.html”) from a remote server, which in turn checks the operating system version and then runs the shellcode embedded in it.

“‘Olerender.html’ takes advantage of ‘VirtualProtect’ to change memory access rights, allowing decoded shellcode to be safely written to memory,” Lin explained.

“‘CreateThread’ then executes the injected shellcode, setting the stage for the next payload to be downloaded and executed from the attacker’s server. This process ensures that malicious code runs smoothly, making further exploitation easier.”

The shellcode serves as the downloader for a file that is deceptively named “GoogleUpdate,” but actually contains an injector payload responsible for evading detection by security programs and loading MerkSpy into memory.

The spyware establishes persistence on the host through changes to the Windows registry so that it starts automatically whenever the system boots. It also comes with capabilities to covertly collect sensitive information, monitor user activity, and exfiltrate the data to external servers under the threat actors’ control.


This includes screenshots, keystrokes, login credentials stored in Google Chrome, and data from the MetaMask browser extension. All this information is sent to the URL “45.89.53(.)46/google/update(.)php.”
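As an added illustration that is not part of the original report or of Fortinet’s analysis, the following Python sketch turns the chain described above into three detection checks run over constructed Sysmon-style events. The event shape, file paths and the Run-key name are assumptions; the “olerender.html” name, the fake “GoogleUpdate” file name and the exfiltration URL come from the article.

```python
import re

# Constructed, hypothetical Sysmon-style events (not real telemetry) modelling the chain:
# Word fetching olerender.html after the CVE-2021-40444 exploit, a Run-key entry for the
# fake "GoogleUpdate" file, and a beacon to the exfiltration URL named in the report.
SAMPLE_EVENTS = [
    {"event": "network", "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "url": "http://203.0.113.10/olerender.html"},                       # staging host is made up
    {"event": "registry", "image": r"C:\Users\bob\AppData\Local\Temp\GoogleUpdate.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\GoogleUpdate"},  # key name assumed
    {"event": "network", "image": r"C:\Users\bob\AppData\Local\Temp\GoogleUpdate.exe",
     "url": "http://45.89.53.46/google/update.php"},
    {"event": "network", "image": r"C:\Windows\System32\svchost.exe",
     "url": "https://update.microsoft.com/"},                             # benign control event
]

# Indicator from the report, kept defanged in the source and re-fanged only for matching.
C2_URL_DEFANGED = "45.89.53(.)46/google/update(.)php"
C2_URL = C2_URL_DEFANGED.replace("(.)", ".")

OFFICE_RE = re.compile(r"\\WINWORD\.EXE$", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
# The real Google updater does not run from a user's Temp directory; a copy there is suspect.
FAKE_UPDATER_RE = re.compile(r"\\Temp\\GoogleUpdate\.exe$", re.IGNORECASE)


def detect(events):
    """Return (rule_name, evidence) tuples for events matching the MerkSpy chain."""
    hits = []
    for e in events:
        image, kind = e.get("image", ""), e.get("event")
        if kind == "network":
            url = e.get("url", "")
            # Office should never be the process fetching an exploit page over HTTP.
            if OFFICE_RE.search(image) and url.lower().endswith("olerender.html"):
                hits.append(("word_fetches_olerender", url))
            elif C2_URL in url:
                hits.append(("merkspy_exfil_url", url))
        elif kind == "registry":
            key = e.get("key", "")
            if RUN_KEY_RE.search(key) and FAKE_UPDATER_RE.search(image):
                hits.append(("run_key_persistence_fake_googleupdate", key))
    return hits


if __name__ == "__main__":
    for rule, evidence in detect(SAMPLE_EVENTS):
        print(f"{rule}: {evidence}")
```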

The development comes as Symantec disclosed details of a smishing campaign targeting users in the US with SMS messages purporting to be from Apple, intended to lure recipients to fake credential-harvesting pages (“signin.authen-connexion(.)info/icloud”) under the pretext of continuing to use the services.

“The malicious website is accessible from both desktop and mobile browsers,” the Broadcom-owned company said. “To add a layer of perceived legitimacy, they implemented a CAPTCHA that users must complete. Users are then directed to a web page that mimics the outdated iCloud login template.”
