
OpenDocument Malware

Cybercriminals are using corrupted OpenDocument files as a way to infect the systems of their victims with AsyncRAT. So far, the main targets of the threatening campaign appear to be hotels located in the Latin American region.

OpenDocument is a legitimate file format used by office applications. However, the attackers have created a manipulated file in this format. It is delivered via lure emails in which the poisoned attachment is presented as a booking request or a guest registration document. The targeted victims are asked to open the file and update the relevant fields. Those who agree are then presented with an Excel document that requests macros to be enabled, supposedly so that it can be opened properly. Instead, a threatening RAT (Remote Access Trojan) named AsyncRAT will be deployed to the device.
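A mail gateway or analyst can triage such an attachment without opening it in an office suite, because an OpenDocument file is a ZIP container. The following is an added example, not code from this page or any vendor: the page does not say how the attachment leads to the Excel document, so the three checks (remote references, embedded objects, macro storage) are generic assumptions, and the function names and sample file are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
REMOTE_PREFIXES = ("http://", "https://", "ftp://", "file://", "\\\\")
MAX_XML_BYTES = 20 * 1024 * 1024  # skip oversized parts (decompression bombs)

def triage_odf(data: bytes) -> dict:
    """Inspect one OpenDocument attachment (a ZIP container) without rendering it."""
    found = {"remote_refs": [], "embedded_objects": [], "macro_parts": []}
    with zipfile.ZipFile(io.BytesIO(data)) as odf:
        for info in odf.infolist():
            top = info.filename.split("/", 1)[0]
            if top in ("Basic", "Scripts"):        # macro / script storage
                found["macro_parts"].append(info.filename)
            elif top.startswith("Object "):        # embedded sub-documents
                found["embedded_objects"].append(info.filename)
            if info.filename.endswith("content.xml") and info.file_size <= MAX_XML_BYTES:
                for el in ET.fromstring(odf.read(info)).iter():
                    href = el.get(XLINK_HREF, "")
                    if href.lower().startswith(REMOTE_PREFIXES):
                        found["remote_refs"].append((el.tag.rsplit("}", 1)[-1], href))
    return found

def is_suspicious(found: dict) -> bool:
    # Hyperlinks (<text:a>) need a click; other remote references load content.
    auto = [r for r in found["remote_refs"] if r[0] != "a"]
    return bool(auto or found["macro_parts"])

def build_sample() -> bytes:
    # Constructed sample for this example, not a real campaign file.
    content = (
        '<office:document-content '
        'xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
        'xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0" '
        'xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" '
        'xmlns:xlink="http://www.w3.org/1999/xlink">'
        '<draw:object xlink:href="https://files.example.invalid/form.xls"/>'
        '<draw:object xlink:href="./Object 1"/>'
        '<text:a xlink:href="https://hotel.example.invalid/">site</text:a>'
        '</office:document-content>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        z.writestr("content.xml", content)
        z.writestr("Object 1/content.xml", "<x/>")
        z.writestr("Basic/Standard/Module1.xml", "<x/>")
    return buf.getvalue()
```

Calling `triage_odf(build_sample())` returns the findings as a dictionary; a hit from `is_suspicious` is a reason to quarantine the message for analysis, not proof of infection.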

The malware can perform numerous intrusive actions on the infected device. Depending on the commands received from its operators, AsyncRAT can manipulate the file system, upload chosen files, start or kill processes, initiate keylogging routines, and spy on the activities on the system. In short, threat actors can use AsyncRAT to deliver additional, more specialized malware payloads to the victim's device, obtain sensitive or confidential information, open specific websites, and more.

