What is Smoke Loader? New Booby-Trapped Microsoft Word Files Can Infect Your Computer

By Jason Murdock

The cybersecurity division of technology company Cisco has warned that a malicious application that infects computers using booby-trapped Microsoft Word files has learned new tricks.

Researchers from the outfit, known as Talos, said today that the notorious software, code-named “Smoke Loader,” was among the first payloads to use an injection technique known as PROPagate in a real-world scenario. PROPagate, discovered in October 2017, is a new way of targeting Windows machines. Cyber experts said they had been tracking the new variant for “the past several months.”

Smoke Loader is typically used by hackers as a “downloader” in cyberattacks, with the initial infection vector being an email containing a malware-ridden Word document. If a victim opens the attachment, it will drop and execute additional malware. This can include ransomware, which locks system files and demands money, or cryptomining tools, which compromise a computer’s processing power to create various forms of virtual currency.

The latest campaign was no different, Talos said. In a Tuesday blog post, researchers Ben Baker and Holger Unterbrink said the aim was to steal data and email login details from the victim’s PC, specifically targeting sensitive information transferred over a web browser, including Windows credentials.
