A new wave of phishing attacks has been seen delivering the SVCReady malware. “The malware is notable for the unusual way it is delivered to target PCs — using shellcode hidden in the properties of Microsoft Office documents,” stated Patrick Schläpfer, a threat analyst at HP. SVCReady appears to be in an early stage of development: its authors have updated it several times in the last month, and the first samples were observed on April 22, 2022.

The infection chain starts with a phishing email carrying a Microsoft Word attachment whose VBA macro kicks off delivery of the malicious payload. Instead of using PowerShell or MSHTA to retrieve the next-stage executable from a remote server, the macro reads shellcode stored in the document's properties and executes it, and that shellcode drops SVCReady. The malware can gather system information, capture screenshots, run shell commands, and download and execute arbitrary files, and it gains persistence on the infected host through a scheduled task.
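As an added illustration (not code from HP's report or from the SVCReady campaign), the following Python script shows how a defender could hunt for this delivery trick: it parses the docProps parts of an OOXML package and flags property values that are long and dense enough to be an encoded shellcode stash rather than a title or author. It assumes the lure is a .docx/.docm (legacy binary .doc files keep their properties in OLE streams and would need a parser such as olefile instead); the 256-character and 3.5-bits-per-character thresholds are assumptions, and the sample document and its hex blob are constructed for the demo and carry no real payload.

```python
"""Scan OOXML document properties for stashed payload-looking blobs.

Added example, not code from HP's report or from SVCReady itself. Assumes an
OOXML package (.docx/.docm); legacy .doc files would need an OLE parser.
"""
import hashlib
import math
import os
import tempfile
import zipfile
import xml.etree.ElementTree as ET
from collections import Counter

# Parts of an OOXML package that carry document properties (Word reads all three).
PROPERTY_PARTS = ("docProps/core.xml", "docProps/app.xml", "docProps/custom.xml")

# Assumed thresholds: a value this long and this dense is not a title or author.
MIN_LEN = 256
MIN_ENTROPY = 3.5  # bits/char; random hex tops out at 4.0, base64 at 6.0


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of text (0.0 for empty input)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def extract_properties(path: str) -> list:
    """Return (part, name, value) for every text-bearing element in the docProps parts.

    custom.xml keeps the user-visible name on the parent <property name="..."> element,
    so the parent's name is preferred over the element tag when present.
    """
    found = []
    with zipfile.ZipFile(path) as zf:
        names = set(zf.namelist())
        for part in PROPERTY_PARTS:
            if part not in names:
                continue
            root = ET.fromstring(zf.read(part))
            parent_of = {child: parent for parent in root.iter() for child in parent}
            for elem in root.iter():
                value = (elem.text or "").strip()
                if not value:
                    continue
                parent = parent_of.get(elem)
                name = elem.tag.split("}")[-1]
                if parent is not None and parent.get("name"):
                    name = parent.get("name")
                found.append((part, name, value))
    return found


def suspicious_properties(path: str, min_len: int = MIN_LEN, min_entropy: float = MIN_ENTROPY) -> list:
    """Return (part, name, length, entropy) for property values that look like an encoded blob."""
    hits = []
    for part, name, value in extract_properties(path):
        entropy = shannon_entropy(value)
        if len(value) >= min_len and entropy >= min_entropy:
            hits.append((part, name, len(value), round(entropy, 2)))
    return hits


# Constructed placeholder blob: 1024 hex characters derived from SHA-256 digests,
# standing in for an encoded shellcode stash. It is NOT shellcode and does nothing.
SAMPLE_BLOB = "".join(hashlib.sha256(f"constructed-{i}".encode()).hexdigest() for i in range(16))


def build_sample_docx(path: str, blob: str) -> None:
    """Write a constructed, minimal OOXML package: benign core properties plus one custom property holding blob."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" '
        'xmlns:dc="http://purl.org/dc/elements/1.1/">'
        "<dc:title>Invoice</dc:title><dc:creator>accounting</dc:creator></cp:coreProperties>"
    )
    custom = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/custom-properties" '
        'xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes">'
        '<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="2" name="Comments">'
        f"<vt:lpwstr>{blob}</vt:lpwstr></property></Properties>"
    )
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/custom.xml", custom)


def scan_constructed_sample() -> list:
    """Build the constructed sample in a temp dir, scan it, and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.docx")
        build_sample_docx(path, SAMPLE_BLOB)
        return suspicious_properties(path)


if __name__ == "__main__":
    for part, name, length, entropy in scan_constructed_sample():
        print(f"{part}: property '{name}' is {length} chars with {entropy} bits/char of entropy")
```

Point `suspicious_properties` at a real attachment to triage it; the scan covers core, application and custom properties because any of them can hold a macro-readable string. A hit on its own is only a lead: in practice pair it with a check for a macro (a `word/vbaProject.bin` part in the package) before treating the file as a dropper.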
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is