
The infected file is distributed by email. When the victim opens the document, they unwittingly launch a dropper, which in turn loads a multi-component malicious application. The virus covertly collects victims' credentials from MS Outlook and Internet Account Manager, steals passwords stored in the Firefox browser, and gathers other information that identifies the user.
The text in the Word document contains background information on the Security Forum of the Association of Southeast Asian Nations (ASEAN) and is written in Russian.
The virus sends all stolen information, unencrypted, to a legitimate Korean website. Employees of the University of Peoples' Friendship and the ITAR-TASS news agency have already fallen victim to the malicious application.
More information about the virus research report can be
According to the latest data, many of the antivirus engines listed on VirusTotal already detect the malicious dropper as Win32.Daws.