
"Made on Windows 11 Alpha"-themed Microsoft Word documents are actually malware in disguise

Anomali Threat Research, a security research firm, has issued a warning about a malicious Microsoft Word document (maldoc) that masquerades as a document "made on Windows 11 Alpha." Six such documents have been discovered. The name of the file is "Users-Progress-072021-1.doc".

Most people familiar with the Windows 11 builds and their variations would probably know that no such thing exists. However, people out of the loop may fall for this and decide to run the file, as they might have heard all the commotion about the next-gen Windows OS.

Windows 11 Alpha themed malicious Word document

The maldoc uses VBA (Visual Basic for Applications) macros to drop a JavaScript payload upon successful exploitation. The macro is executed when the user clicks on "Enable editing" and "Enable content" as instructed on the document's cover.

There is a lot of junk data, intended to make analysis difficult for researchers and cybercrime hunters, but cleaning up much of it reveals how the threat actors wish to infect a system with this document.

For example, the maldoc performs several checks, including:

  • a language check
  • a check for a VM
  • a memory capacity check
  • a check for a domain called CLEARMIND

CLEARMIND is apparently the domain of a Point-of-Sale (POS) service provider for the retail and hospitality sector. Anomali believes this file was created by the FIN7 group, which is famous for striking such targets to steal large-scale data.

More technical details on the maldoc can be found in the official blog post here.
