<!--DEBUG:--><!--DEBUG:dc3-united-states-software-in-english-pdf-2--><!--DEBUG:--><!--DEBUG:dc3-united-states-software-in-english-pdf-2--><!--DEBUG-spv-->{"id":1982688,"date":"2021-09-05T02:26:00","date_gmt":"2021-09-05T00:26:00","guid":{"rendered":"http:\/\/nhub.news\/?p=1982688"},"modified":"2021-09-05T05:05:58","modified_gmt":"2021-09-05T03:05:58","slug":"made-on-windows-11-alpha-themed-microsoft-word-documents-are-actually-malware-in-disguise","status":"publish","type":"post","link":"http:\/\/nhub.news\/fr\/2021\/09\/made-on-windows-11-alpha-themed-microsoft-word-documents-are-actually-malware-in-disguise\/","title":{"rendered":"&quot;Made on Windows 11 Alpha&quot;-themed Microsoft Word documents are actually malware in disguise"},"content":{"rendered":"<p style=\"text-align: justify;\"><b>\u00ab\u00a0Made on Windows 11 Alpha\u00a0\u00bb themed malicious Microsoft Word documents have been discovered by the security researchers at Anomali. The maldoc implements VBA macros to deliver a JavaScript payload.<\/b><br \/>\nAnomali Threat Research, a security research firm, has issued a warning about a malicious Microsoft Word document (maldoc), six of which have been discovered, that is masquerading as a document \u00ab\u00a0made on Windows 11 Alpha.\u00a0\u00bb The name of the file is \u00ab\u00a0Users-Progress-072021-1.doc\u00a0\u00bb. Most people familiar with the Windows 11 builds and their variations would probably know that no such thing exists. However, people out of the loop may fall for this and decide to run the file, as they might have heard all the commotion about the next-gen Windows OS. The maldoc uses VBA (Visual Basic for Applications) macros to drop a JavaScript payload upon successful exploitation. The macro is executed when the user clicks on \u00ab\u00a0Enable editing\u00a0\u00bb and \u00ab\u00a0Enable content\u00a0\u00bb as instructed on the document&rsquo;s cover. 
There is a lot of junk data meant to make analysis difficult for researchers and cybercrime hunters, but cleaning up much of it reveals how the threat actors intend to infect a system with this document. For example, the maldoc performs several checks [the list of checks is missing from this copy of the article]. CLEARMIND is apparently the domain of a Point-of-Sale (POS) service provider for the retail and hospitality sector. Anomali believes this file was created by the FIN7 group, which is known for striking such targets to steal data on a large scale. More technical details on the maldoc can be found in the official blog post here.<\/p>\n<script>jQuery(function(){jQuery(\".vc_icon_element-icon\").css(\"top\", \"0px\");});<\/script><script>jQuery(function(){jQuery(\"#td_post_ranks\").css(\"height\", \"10px\");});<\/script><script>jQuery(function(){jQuery(\".td-post-content\").find(\"p\").find(\"img\").hide();});<\/script>","protected":false},"excerpt":{"rendered":"<p>\u00ab\u00a0Made on Windows 11 Alpha\u00a0\u00bb themed malicious Microsoft Word documents have been discovered by the security researchers at Anomali. The maldoc implements VBA macros to deliver a JavaScript payload. 
Anomali Threat Research, a security research firm, has issued a warning about a malicious Microsoft Word document (maldoc), six of which have been discovered, that is [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1982687,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[93],"tags":[],"_links":{"self":[{"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/posts\/1982688"}],"collection":[{"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/comments?post=1982688"}],"version-history":[{"count":1,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/posts\/1982688\/revisions"}],"predecessor-version":[{"id":1982689,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/posts\/1982688\/revisions\/1982689"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/media\/1982687"}],"wp:attachment":[{"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/media?parent=1982688"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/categories?post=1982688"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/nhub.news\/fr\/wp-json\/wp\/v2\/tags?post=1982688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}