Zero Day flaw in Internet Explorer named Double Kill Exploited by APT Group

OopsIE Trojan

Security researchers have discovered a zero-day vulnerability in Internet Explorer named Double Kill which has been embedded in a Microsoft Office document.

The vulnerability was discovered by researchers at 360 core security on April 18, 2018, and said an APT group was observed exploiting the flaw to target a limited number of users.

According to researchers, the attackers can compromise victims system by simply tricking to them to open a malicious document

Attackers will utilize the flaw to implant a backdoor trojan and gain full access to the target system. When the victim opens the malicious document, all exploit code, and malicious payload are loaded from the remote server.

Here the attacker also uses public UAC bypass technique, file steganography, and memory reflection loading to avoid traffic monitoring and fileless download.

The zero vulnerability affects all the latest versions of internet explorer and applications which uses IE kernel.

Researchers said they have reported the flaw to Microsoft on April 19 and Microsoft confirmed the flaw on the next day itself. The patch for the vulnerability is yet to be released.

360 core security team refused to reveal the name of the APT group and more detail about the attack because of the ongoing investigation.

“The “double kill” vulnerability can affect the latest versions of Internet Explorer and applications that use the IE kernel. At present, 360 is urgently promoting the release of the patch. We would like to remind users not to open any unfamiliar Office documents and use security software to protect against possible attacks.”

 

Comments

Please rate this content