
New Steganography Campaign Exploits MS Office Vulnerability to Distribute AsyncRAT


A recently uncovered cyberattack campaign has brought steganography back into the spotlight, showcasing the creative and insidious methods attackers employ to deliver malware.

This operation, dubbed the “Stego-Campaign,” exploits a known Microsoft Office vulnerability, CVE-2017-0199, to initiate infections and ultimately deploy the notorious AsyncRAT malware.

Innovative Attack Leverages Hidden Payloads in Images

The vulnerability, first reported in April 2017, enables remote code execution (RCE) without user interaction beyond opening a malicious document, making it a potent entry point for phishing-based attacks.

The attack begins with a phishing email containing a malicious Microsoft Office document that exploits CVE-2017-0199.

[Figure: Stego-Campaign flow]

Once opened, the document triggers the download of a malicious HTA script, which in turn fetches a trojanized version of Prnport.vbs, a legitimate Windows script for managing printer ports.

This tampered script constructs and executes a PowerShell command to download an injector DLL hidden within an innocuous-looking image file using ...
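For detection, the Prnport.vbs stage described above leaves two signals in process-creation telemetry, sketched here as an added example (not code from the article or its source). It assumes a simplified event format with `pid`, `ppid`, `image` and `cmd` fields, a default `C:\Windows` install, and that the tampered copy is run from outside the directory where Windows ships the genuine script.

```python
import ntpath
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Where Windows ships the genuine prnport.vbs (one subfolder per locale).
# Assumes the default C:\Windows system directory.
LEGIT_DIR = r"c:\windows\system32\printing_admin_scripts"
SCRIPT_RE = re.compile(r'"([^"]*prnport\.vbs)"|(\S*prnport\.vbs)', re.I)

def _name(event):
    return ntpath.basename(event["image"]).lower()

def prnport_path(event):
    """Return the prnport.vbs path a script host was asked to run, else None."""
    if _name(event) not in SCRIPT_HOSTS:
        return None
    m = SCRIPT_RE.search(event["cmd"])
    return (m.group(1) or m.group(2)).lower() if m else None

def flag_prnport_abuse(events):
    """Map script-host PID -> sorted reasons it resembles the tampered script."""
    by_pid = {e["pid"]: e for e in events}
    findings = {}
    for e in events:
        path = prnport_path(e)
        # Relative paths are skipped: the working directory is unknown here.
        if path and ntpath.isabs(path) and not ntpath.normpath(path).startswith(LEGIT_DIR + "\\"):
            findings.setdefault(e["pid"], set()).add("prnport.vbs outside Printing_Admin_Scripts")
        parent = by_pid.get(e["ppid"])
        # The genuine script manages printer ports and has no reason to start PowerShell.
        if _name(e) in POWERSHELL and parent and prnport_path(parent):
            findings.setdefault(parent["pid"], set()).add("prnport.vbs spawned PowerShell")
    return {pid: sorted(reasons) for pid, reasons in findings.items()}

# Constructed process-creation events (not from the article); paths are placeholders.
SAMPLE = [
    {"pid": 11, "ppid": 1, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\Public\Prnport.vbs"'},
    {"pid": 12, "ppid": 11, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -Command <placeholder>"},
    {"pid": 20, "ppid": 1, "image": r"C:\Windows\System32\cscript.exe",
     "cmd": r"cscript.exe C:\Windows\System32\Printing_Admin_Scripts\en-US\prnport.vbs -l"},
]

if __name__ == "__main__":
    print(flag_prnport_abuse(SAMPLE))
```

Either signal alone is worth triage; the legitimate administrative use in PID 20 raises neither.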


Copyright of this story solely belongs to gbhackers.