New SVCReady malware loads from Word doc properties

A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines.

More specifically, it uses VBA macro code to execute shellcode stored in the properties of a document that arrives on the target as an email attachment.

According to a new report by HP, the malware has been under deployment since April 2022, with the developers releasing several updates in May 2022. This indicates that it is currently under heavy development, likely still at an early stage.

Read more…
Source: Bleeping Computer