The latest vulnerability is being exploited through a phishing email that pretends to offer a raise in compensation and includes an attached Word document (RTF file). Once activated, the malware checks whether the system is a virtual machine, steals information from multiple web browsers, mail clients, and file services, and collects system information that is exfiltrated to an attacker-controlled server. Below is the data that can be compromised:
  • First, the attackers collect usernames, computer information, and Windows domain information.
  • Second, passwords are collected from browsers such as Mozilla Firefox, Google Chrome, Opera, Microsoft Edge, and many more.
  • Lastly, data is collected from applications such as WeChat, Microsoft Office, Windows Live Mail contacts, Mozilla Thunderbird, FileZilla passwords, and many more.
  • The attacker can then install applications, read, alter, or remove data, or establish new accounts within the context allowed by the user’s rights. All of these actions are limited by the permissions of the affected user’s account.

What You Need to Know
This vulnerability was reported a week ago, and its exploitation has since spread. As of now, Microsoft has released no patches for CVE-2022-30190.
We recommend watching for any emails with similar messaging. This particular malware also collects passwords from browsers such as Mozilla Firefox, Google Chrome, Opera, and Microsoft Edge. We strongly emphasize the importance of using a password manager and not using your browser to store passwords.

If you have any questions regarding this vulnerability, reach out to a member of the BMT support team.