FIN7 hackers send malicious Word files to steal data from Windows computers

The well-known cybercriminal group FIN7 has launched a new malware distribution campaign that exploits victims' curiosity about and interest in the new Windows 11 platform. The attackers send several infected Word files; opening them loads malicious software onto the system that allows the attackers to steal victims' data.

Image: HotHardware

It is believed that the attackers have been sending malicious Word files since June this year. Around the same time, Microsoft released the first test build of Windows 11, which generated a high level of interest in the new operating system. The cybercriminals decided to take advantage of this by distributing malicious files that were purportedly created in Windows 11. The method of distributing these files has not been disclosed, but phishing emails are most likely used.

When such a file is opened, the user is prompted to allow editing and the execution of content, a request that is unlikely to arouse suspicion. However, these simple steps trigger a macro that loads the JavaScript backdoor that FIN7 has been using successfully since at least 2018. Once the backdoor is loaded, the hackers can deliver other malware to the system, depending on their goals. This tactic is highly successful: FIN7 is credited with stealing more than 15 million payment cards and causing approximately $1 billion in damage.

Image: Anomali

According to reports, FIN7 has been active for the past six years and primarily targets US users. The source notes that in 2018, law enforcement agencies managed to arrest three members of the group, and one “high-ranking organizer” was detained in April this year. Despite this, the group continues to operate.


About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.
