African and Asian Banks Hit by Targeted Zero Day

Security researchers have discovered a new series of attacks against banks in Africa and Asia utilizing a zero day exploit in a local word processing app.

The exploit in question is aimed at the InPage software package typically used by Urdu and Arabic-speaking people – with a claimed two million users worldwide, according to Russian AV firm Kaspersky Lab.

The zero day is delivered to individuals in targeted banks via a classic spear phishing email, which aims to use social engineering tactics to trick the recipient into opening a malicious attachment disguised as a legitimate document.

After successfully exploiting the vulnerability in question, the malware will phone home to a C&C server and download legitimate remote access tools, Kaspersky Lab claimed.

In some cases, Zeus-type malware is downloaded, the firm added.

Kaspersky Lab security expert Denis Legezo said it’s easy to understand why attackers are using bugs in localized software like InPage.

“The attackers adjust their tactics to their target’s behavior by developing exploits for custom software which doesn’t always receive the kind of scrutiny that big software companies apply to their products,” he explained.

“Since local software is not a common target of exploit writers, vendors are not very responsive to vulnerability reports and existing exploits remain workable for a long time.”

A similar tactic was used back in 2013 against the Hangul Word Processor (HWP) software popular in South Korea, the firm added.

Kaspersky Lab claimed that there are no reported incidents of cyber theft via this exploit, although banks are urged to double down on enterprise-grade security tools and user education on how to deal with unsolicited mail.

Banks, like all organizations, should also ensure they’re running the latest version of all key software, via automated patch management platforms.
