Security advisories

Zyklon Malware

February 26, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

A new version of the Zyklon Malware has been identified in the wild and is actively targeting the Telecommunications, Insurance, and Financial industries. This malware exploits three recent vulnerabilities in Windows Office and has been distributed via phishing campaigns. The Zyklon Malware has a wide variety of capabilities including using infected machines to launch DDOS attacks, stealing credentials through popular browsers and email applications, downloading and executing plugins, replacing bitcoin addresses found in clipboard and tunneling the threat actor’s traffic through the infected machines. According to external sources, the malware is being sold on the dark web for roughly $100. The wide list of capabilities and easy availability of Zyklon makes it highly probable that threat actors will continue employing this malware and pivot to additional industries.

What we’re doing about it

What you should do about it

Additional information

Zyklon Malware exploits the following Microsoft Office vulnerabilities: CVE-2017-8759 [1], CVE-2017-11882 [2] and the DDE Exploit [3].

[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759

[2] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882

[3] https://technet.microsoft.com/en-us/library/security/4053440.aspx

View Most Recent Advisories