
WPS Office flaw exploited for SpyGlace backdoor delivery


East Asian countries were subjected to attacks by South Korea-linked cyberespionage operation APT-C-60 spreading the SpyGlace malware through the exploitation of an already patched critical WPS Office vulnerability, tracked as CVE-2024-7262, reports The Hacker News.

APT-C-60 concealed the flaw, which could be leveraged for remote code execution, in a trojanized spreadsheet file containing a link that would prompt the deployment of SpyGlace alongside a DLL file capable of file stealing, command execution, and plugin loading, according to an ESET report. "The exploit is cunning as it is deceptive enough to trick any user into clicking on a legitimate-looking spreadsheet while also being very effective and reliable. The choice of the MHTML file format allowed the attackers to turn a code execution vulnerability into a remote one," said ESET security researcher Romain Dumont. The findings follow an ESET report detailing the exploitation of a malicious plugin in the Pidgin messaging platform to facilitate DarkGate malware delivery.
