MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems


Spyware is malicious software engineered to covertly monitor and gather information from a user’s computer without their awareness or consent.

It can record activities like keystrokes, browsing behavior, and personal information, often transmitting this data to a third party for espionage or theft. FortiGuard Labs recently detected an attack exploiting the CVE-2021-40444 vulnerability in Microsoft Office. This flaw allows attackers to execute malicious code via specially crafted documents. In this instance, the exploitation led to the deployment of a spyware payload known as “MerkSpy.” MerkSpy is designed to clandestinely monitor user activities, capture sensitive information, and establish persistence on compromised systems.

Read more…
Source: Fortinet


Sign up for our Newsletter


Related:

  • I spy another mSpy breach: Millions more stalkerware buyers exposed

    July 14, 2024

    Commercial spyware maker mSpy has been breached – again – and millions of purchasers can be identified from the spilled records.… mSpy showed up on Have I Been Pwned on July 11, with the site revealing hacktivists were responsible for the theft of millions of Zendesk support tickets from buyers unable to use the software. “Comprising ...

  • iPhone users in 98 countries warned about spyware by Apple

    July 12, 2024

    In April 2024, we reported how Apple was warning people of mercenary attacks via its threat notification system. At the time it warned users in 92 countries. In a new round, Apple is now warning users in 98 countries of potential mercenary spyware attacks. The message sent to the affected users says: “Apple detected that you ...

  • SentinelLabs uncovers new CapraRAT spyware targeting Android users

    July 1, 2024

    A new report released today by SentinelLabs, warns of a resurgence of CapraRAT spyware targeting mobile gamers and weapons enthusiasts through malicious Android applications. CapraRAT is an Android remote-access trojan virus used by a Pakistan-linked threat actor called Transparent Tribe, also known as APT36, which first emerged around 2018. The malware has primarily been used for ...

  • MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems

    June 27, 2024

    Spyware is malicious software engineered to covertly monitor and gather information from a user’s computer without their awareness or consent. It can record activities like keystrokes, browsing behavior, and personal information, often transmitting this data to a third party for espionage or theft. FortiGuard Labs recently detected an attack exploiting the CVE-2021-40444 vulnerability in Microsoft Office. ...

  • Kremlin critics targeted with spyware inside European Union

    June 5, 2024

    At least seven critics of the Kremlin, including journalists were targeted inside the European Union (EU) by a state using Pegasus, a report by digital civil rights NGO Access Now said on Thursday (May 30). In its report, Access Now said on Thursday an investigation by the NGO revealed that the use of Pegasus (a hacking ...

  • pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

    May 28, 2024

    The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the target’s device. What goes around ...