Skip to content

Attack that copies your Office documents

BleepingComputer has detailed a nasty little virus that copies all your Office documents and more to a hacker.

It’s a clever little nastie which disguises itself as a Chrome browser add-on then goes to work sending to the hackers details like:

  • Your name
  • Computer name
  • List of installed programs
  • Version of Windows and service pack

All useful details for follow-up attacks on the computer.

Then it scans the computer and looks for files with any of these extensions

DOCX, DOC, XLSX, XLS, PPTX, PPT, PDF, RTF, TXT, SQL and INP

Most will be familiar to you.  Both old and new style Microsoft Office documents plus Adobe Acrobat, RTF documents and plain text files.   SQL are Microsoft SQL server database files.  INP are for InPage word processor, suggesting the hackers are targeting Arabic and Urdu users.

All these documents are sent to the hackers but not directly.  They were going to a legitimate companies web site that had been hijacked to hide the true destination of users files.

What to do?

Same as always, keep your anti-virus software up to date and running at all times.  Windows Defender in recent version of Windows does a good job of checking for nasties and is regularly and automatically updated by Microsoft.  Defender is enough for most people without the need to pay for other anti-virus packages.

Windows 10 Anniversary release has a nice new Defender option called ‘Offline’ which can check a computer before Windows starts.  This and other Defender options are detailed in Windows 10 Anniversary for Microsoft Office users

About this author

Office-Watch.com

Office Watch is the independent source of Microsoft Office news, tips and help since 1996. Don't miss our famous free newsletter.