Talos said the exploit is being distributed through a Microsoft Excel document that has a malicious Flash object embedded into it. Once the SWF object is triggered, it installs ROKRAT, a remote administration tool Talos has been tracking since January 2017. Until now, the group behind ROKRAT—which Talos calls Group 123—has relied on social engineering or exploits of older, previously known vulnerabilities that targets hadn't yet patched. This is the first time the group has used a zeroday exploit.
Page created in 0.02 seconds with 25 queries.