
W97M/Downloader hosted on multiple CMS like Magento, WordPress, and Joomla

  • This malware campaign has primarily targeted the United States, Germany, India, and the United Kingdom.
  • W97M steals banking login credentials and sends them to .ru websites.

Researchers observed that some instances of the W97M/Downloader malware are now being served from compromised websites by a custom PHP dropper.

The big picture

  • The compromised websites include malicious W97M documents which contain VB scripts.
  • The websites trick victims into downloading the document (INVOICE-959502-12723.doc), upon which the VB script downloads and executes a specific malware from its C&C server.

“W97M/Downloader is a specially-crafted Microsoft Word document that, when opened, silently executes a malicious macro that connects to multiple remote servers to download and display additional components,” researchers described.

This malware campaign has primarily targeted the United States, Germany, India, and the United Kingdom.

Key highlights

  • The downloader malware is hosted on multiple CMSs such as Magento, WordPress, and Joomla. However, the malicious code is not CMS-based.
  • W97M is usually distributed via malspam campaigns and infects Chrome or Firefox to inject malicious code into browsers.
  • This malware also steals banking login credentials and sends them to .ru websites.
  • W97M has also been serving as a bridge to ransomware such as TeslaCrypt as well as banking Trojans such as Dridex and Vawtrak, which are part of the Zeus malware family.

How to stay protected?

  • Security experts recommend that users not enable the macro functionality within Microsoft Office.
  • Researchers also request users to avoid opening emails and attachments sent by unknown parties.
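
A mail gateway or a sweep of a CMS web root can back up the macro advice above by flagging Word files that carry a VBA project before anyone opens them. The following Python check is an added example, not code from the researchers; the function names and sample bytes are constructed for illustration, and the legacy `.doc` check assumes a byte-marker search is an acceptable stand-in for walking the compound-file directory.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")       # legacy .doc compound file header
# OLE directory entries store names as UTF-16LE; a VBA project has a "_VBA_PROJECT" stream.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")

def inspect_office_file(data: bytes) -> dict:
    """Classify the container and report whether it carries a VBA macro project."""
    if data.startswith(OLE_MAGIC):
        # Heuristic (assumption): marker search instead of walking the directory sectors.
        return {"container": "ole2", "has_vba": OLE_VBA_MARKER in data}
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return {"container": "unknown", "has_vba": False}
        if "[Content_Types].xml" not in names:
            return {"container": "zip", "has_vba": False}
        has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
        return {"container": "ooxml", "has_vba": has_vba}
    return {"container": "unknown", "has_vba": False}

def triage(attachments):
    """Return names of files to quarantine: any macro-bearing Office document."""
    return [name for name, data in attachments if inspect_office_file(data)["has_vba"]]

def _ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-like zip in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()

# Constructed samples; the OLE ones are header bytes plus padding, not working documents.
SAMPLES = [
    ("invoice.doc", OLE_MAGIC + b"\x00" * 504 + OLE_VBA_MARKER),
    ("report.doc", OLE_MAGIC + b"\x00" * 504),
    ("notes.docx", _ooxml(False)),
    ("renamed.docx", _ooxml(True)),   # macro project behind a macro-free extension
    ("readme.txt", b"plain text"),
]

if __name__ == "__main__":
    for name in triage(SAMPLES):
        print("quarantine:", name)
```

The check keys on file content rather than the extension, so a macro-enabled document renamed to `.docx` is still flagged.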
