Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems.
“However, when we encountered Asruex in a PDF file, we found that a variant of the malware can also act as an
CVE-2012-0158 is a critical remote code execution (RCE) vulnerability that affected Microsoft Office
CVE-2010-2883 is a stack buffer overflow flaw that attackers could exploit to execute arbitrary code or trigger a denial-of-service condition.
The attack chain leverages a shortcut file that contains a PowerShell download script, and the malware spreads through removable drives and network drives.
The use of exploits for well-known vulnerabilities that have been already patc
Because of this unique infection capability, security researchers might not consider checking files for an Asruex infection and continue to watch out for its backdoor abilities exclusively. Awareness of this new infection method could help users defend against the malware variant.
Trend Micro researchers discovered the new Asruex
Researchers reported that attackers also used
“This Asruex variant compresses and encrypts the original executable file or host file and appends it as its
Once executed on a machine, Asruex will check the following information to determine if it is running in a sandbox environment:
“This case is notable for its use of vulnerabilities that have been discovered (and patched) over five years ago, when we’ve been seeing this malware variant in the wild for only a year,” Trend Micro concludes. “This hints that the
(SecurityAffairs – Asruex Trojan, malware)