An advanced persistent threat (APT) hacking group has been exploiting an unpatched Internet Explorer (IE) vulnerability to infect Windows PCs with malware.
According to the latest research made available by Qihoo 360’s Core security team and reported by ZDNet, the hacking group is launching attacks on a “global scale” via phishing emails loaded with malicious Office documents.
Victims are tricked into opening the malicious Office docs, which in turn launches a web page used to deliver malware via remote server. According to the researchers, the malware exploits a known user account control (UAC) bypass and also uses file steganography (e.g., used to embed messages, images or files within another message, image or file).
The researchers have reported the zero-day threat to Microsoft and urges the company to issue a patch to address the vulnerability.