
Steganography used to hide Word and Excel attack

Computers are being infected with at least eight different viruses in an attack that uses steganography to hide nasty code in images linked from Word and Excel documents. But there’s good news for most Office users.

Steganography is a way to hide text or code in an image or object. It’s a trick that’s been around for a long time. The term “steganography” is over 500 years old and the technique is at least 2,400 years old.

In this case it’s used as part of a complicated chain of downloads which includes images that appear normal but really have nasty code. The file looks like an image but also carries a PowerShell script that’s run to fetch yet another step in the infiltration process.

Infected documents are arriving as email attachments in both new and old Office formats: Word documents in .doc and .docx format, and Excel workbooks in .xls, .xla and .xlam.

The hackers use compromised mail servers to send the emails, which bypasses some security checks. And the payload downloads come from legitimate servers that have been infiltrated and are unknowingly hosting malware.

Once a machine is infected, various types of malware can be installed, including AgentTesla, FormBook, Remcos, LokiBot, Guloader, SnakeKeylogger and XWorm.

The good news

Any reasonably up-to-date version of Office and Windows is protected against this attack.

That’s because the hackers are using a security bug in Equation Editor that was patched seven years ago but had been in Office for 17 years before that.

Microsoft 365, Office 2019 and Office 2021 all have the bug fix when installed.

Office 2007/2010/2013/2016 that have been updated sometime in the last seven years should also have some protection.

The only vulnerable machines are ones with older versions of Office that either have not been updated for over half a decade or where users are bypassing the Protected Mode warnings.

If you’re interested in the nerdy details, check out Positive Technologies.

If you know anyone with an old version of Office, encourage them to get whatever patches and updates are available. Even if support has ended for that Office release, updates are still available.


About this author

Office-Watch.com