Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!

By Admin, March 27, 2025

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025 these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim's system.

Here are the top three Microsoft Office-based exploits still making the rounds this year, and what you need to know to avoid them.

1. Phishing in MS Office: still hackers' favorite

Phishing attacks using Microsoft Office files have been around for many years, and they are still going strong. Why? Because they work, especially in business environments, where teams constantly exchange Word and Excel documents.

Attackers know that people are used to opening Office files, especially when they come from what looks like a colleague, client, or partner. A fake invoice, shared report, or job offer: it doesn't take much to convince someone to click. And as soon as the file is open, the attacker has their chance.

Phishing with Office files often aims to steal login credentials. These documents can include:

  • Links to fake Microsoft 365 login pages
  • Phishing portals that mimic tools or services
  • Redirect chains that end up landing on a phishing site

In this malware analysis session:

View the analysis session with the Excel file

Excel file containing a malicious link, detected in ANY.RUN

When the victim clicks the link, they are taken to a web page showing a Cloudflare "Verify you are human" check.

Cloudflare verification passed with ANY.RUN's automated interactivity

After clicking through, there is another redirect, this time to a fake Microsoft login page.

Malicious link to a fake Microsoft login page with random characters

At first glance, it may look real. But inside the sandbox, the red flags are easy to spot. The Microsoft login URL is not official; it is filled with random characters and clearly does not belong to a Microsoft domain.

Give your team the right tool to detect, investigate, and report threats faster in a safe environment.

Get a trial of ANY.RUN to access advanced malware analysis

This fake login page is where the victim unknowingly hands their login credentials directly to the attacker.

Attackers are also getting more creative. Recently, some phishing documents have shipped with QR codes embedded in them. These are meant to be scanned with a smartphone, sending the victim to a phishing site or triggering a malware download. However, they can be detected and analyzed with tools such as the ANY.RUN sandbox.

2. CVE-2017-11882: the Equation Editor exploit that won't die

First discovered in 2017, CVE-2017-11882 is still exploited today in environments running outdated versions of Microsoft Office.

This vulnerability targets the Microsoft Equation Editor, a rarely used component that was included in older Office builds. Exploitation is dangerous: just opening a malicious Word file can trigger the exploit. No macros, no additional clicks.

In this case, the attacker uses the flaw to download and run a malware payload in the background, often through a connection to a remote server.

In our analysis session, the payload was Agent Tesla, a known information stealer used to capture keystrokes, credentials, and clipboard data.

View the analysis session with the malicious payload

Phishing email containing a malicious attachment

In the MITRE ATT&CK section, we can see how the ANY.RUN sandbox detected the specific technique used in the attack:

Equation Editor exploitation detected by ANY.RUN

Although Microsoft patched the vulnerability years ago, it is still useful for targeting systems that have not been updated. And with macros disabled by default in newer Office versions, CVE-2017-11882 has become a fallback for cybercriminals who want guaranteed execution.

3. CVE-2022-30190: Follina still in the game

The Follina exploit (CVE-2022-30190) remains a favorite among attackers for one simple reason: it works without macros and requires no user interaction beyond opening a Word file.

Follina abuses the Microsoft Support Diagnostic Tool (MSDT) and a special URL embedded in Office documents to execute remote code. This means that just viewing the file is enough to launch malicious scripts, often PowerShell-based, that contact a command-and-control server.

View the analysis session with Follina

Follina technique detected inside the ANY.RUN sandbox

In our malware analysis sample, the attack went further. We observed the "stegocampaign" tag, which indicates the use of steganography, a technique in which malware is hidden inside image files.

Use of steganography in the attack

The image is downloaded and processed using PowerShell, which extracts the actual payload without raising immediate alarms.

Image with a malicious payload, analyzed in ANY.RUN

Worse, Follina is often used in multi-stage attack chains, combined with other vulnerabilities or payloads to increase the impact.
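
Both the Excel phishing file in section 1 and the Follina documents in section 3 depend on URLs stored inside the document package, which a defender can list without opening the file in Office. The Python triage script below is an added example, not part of the original article or of ANY.RUN; the domain allow-list, keyword list, function names, and the constructed sample package are assumptions made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

PKG_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
DOC_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Assumption: allow-list of domains a genuine Microsoft sign-in link would use.
MS_DOMAINS = ("microsoft.com", "microsoftonline.com", "live.com", "office.com")
BRAND_WORDS = ("microsoft", "office365", "login")

def external_targets(data):
    """Yield (part, relationship kind, target) for each external relationship."""
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for part in pkg.namelist():
            if part.endswith(".rels"):
                for rel in ET.fromstring(pkg.read(part)).iter(PKG_NS + "Relationship"):
                    if rel.get("TargetMode") == "External":
                        kind = rel.get("Type", "").rsplit("/", 1)[-1]
                        yield part, kind, rel.get("Target", "")

def triage(data):
    """Return (reason, kind, target) tuples worth an analyst's attention."""
    findings = []
    for _part, kind, target in external_targets(data):
        host = (urlparse(target).hostname or "").lower()
        on_ms = any(host == d or host.endswith("." + d) for d in MS_DOMAINS)
        if kind != "hyperlink":
            # Non-hyperlink external targets can be fetched on open, no click needed.
            findings.append(("external-non-hyperlink", kind, target))
        elif any(w in target.lower() for w in BRAND_WORDS) and not on_ms:
            findings.append(("brand-on-foreign-host", kind, target))
    return findings

def build_sample():
    """Constructed OOXML-like package (not a real sample) with three relationships."""
    rels = [("hyperlink", "https://login.microsoftonline.com/"),
            ("hyperlink", "https://microsoft-login.x7k2q9.example.invalid/auth"),
            ("oleObject", "https://cdn.example.invalid/page.html")]
    xml = '<Relationships xmlns="%s">' % PKG_NS.strip("{}")
    for i, (kind, target) in enumerate(rels, 1):
        xml += '<Relationship Id="rId%d" Type="%s%s" Target="%s" TargetMode="External"/>' % (i, DOC_REL, kind, target)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/_rels/document.xml.rels", xml + "</Relationships>")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

When running this against untrusted attachments, parse the XML with a hardened parser such as defusedxml and cap the decompressed size of each part before reading it.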

What this means for teams using MS Office

If your team relies heavily on Microsoft Office for day-to-day work, the attacks mentioned above should be a wake-up call.

Cybercriminals know that Office files are trusted and widely used in business. That's why they continue to exploit them. Whether it is a simple Excel sheet that hides a phishing link or a document that silently triggers malicious code, these files can pose serious risks to your organization's security.

Here's what your team can do:

  • Review how Office documents are handled internally; limit who can open or download files from external sources.
  • Use tools like the ANY.RUN sandbox to inspect suspicious files in a safe, isolated environment before anyone on your team opens them.
  • Update all Office software regularly and disable legacy features such as macros or the Equation Editor where possible.
  • Stay informed about new exploit techniques tied to Office formats so that your security team can respond quickly.

Analyze mobile malware with ANY.RUN's new Android OS support

The threat doesn't stop at Office files. Mobile devices are now a key target, and attackers distribute malware through fake apps, phishing links, and malicious APKs.

This means a growing attack surface for businesses and the need for broader visibility.

With the new Android OS support, your security team can now:

  • Analyze Android malware in a real mobile environment
  • Investigate suspicious APK behavior before it reaches production devices
  • Respond to mobile threats faster and with greater clarity
  • Support incident response across both desktop and mobile ecosystems

This is a big step toward full coverage, and it is available on all plans, including free.

Start your first Android threat analysis today and give your security analysts the visibility they need to protect your mobile attack surface.

This article is a contributed piece from one of our esteemed partners.