Tuesday, July 23, 2024
Cybercory Cybersecurity Magazine
Patch Now: Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware


Security researchers have uncovered a campaign exploiting a previously patched vulnerability in Microsoft MSHTML to deliver a sophisticated spyware tool called MerkSpy. This article dives into the technical details of the exploit, the capabilities of MerkSpy, and offers actionable advice to help you stay safe from such attacks.

Abusing a Patched Flaw: The MSHTML Vulnerability

The vulnerability at the heart of this campaign lies in Microsoft MSHTML, the rendering engine used by Internet Explorer. The specific flaw, identified as CVE-2021-40444, is a remote code execution (RCE) vulnerability that allows attackers to execute malicious code on a victim’s machine without any user interaction. This is a very serious vulnerability, and Microsoft addressed it with a patch released in September 2021 [1].

The attackers, however, are targeting unpatched systems, highlighting the importance of keeping your software up to date.

MerkSpy: A Clandestine Threat

The spyware delivered through this exploit is called MerkSpy. According to a report by Fortinet FortiGuard Labs [2], MerkSpy is designed to operate under the radar and perform several malicious activities:

  • System Monitoring: MerkSpy can monitor a victim’s system activity, including keystrokes, browsing history, and running applications.
  • Data Exfiltration: The spyware can steal sensitive information like login credentials, financial data, and personal documents.
  • Persistence: MerkSpy can establish persistence on the compromised system, ensuring it remains operational even after a reboot.

This combination of features makes MerkSpy a dangerous tool in the hands of malicious actors.

The Attack Chain: How Does it Work?

The attack leveraging the MSHTML flaw reportedly starts with a malicious Microsoft Word document disguised as a job description for a software engineer role. Once the victim opens the document, the exploit embedded within triggers CVE-2021-40444, downloading an HTML file from a remote server.

This HTML file, in turn, executes hidden shellcode that establishes a connection back to the attacker’s server. The attacker can then use this connection to deploy MerkSpy onto the victim’s system and begin surveillance.
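
A triage check for the first stage described above, as an added example that is not from the original article or the Fortinet report: it lists external, non-hyperlink relationships inside a .docx, which is how a Word file can point at remote content that is fetched when the document opens. The two sample documents and the placeholder URL are constructed, and treating every non-hyperlink external reference as worth review is an assumption of this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files at scale, a hardened parser is preferable

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Hyperlinks are external by design; other external parts can be fetched on open.
BENIGN_TYPES = {"hyperlink"}

def external_references(docx_bytes):
    """Return (part, relationship type, target) for each non-hyperlink external reference."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                if rel.get("TargetMode") == "External" and rel_type not in BENIGN_TYPES:
                    findings.append((name, rel_type, rel.get("Target", "")))
    return findings

def build_sample(rels_xml):
    """Build a minimal constructed .docx-like ZIP holding only the relationships part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()

RELS_HEAD = '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# Constructed sample: an embedded object whose target lives on a remote server.
SUSPICIOUS = build_sample(
    RELS_HEAD
    + f'<Relationship Id="rId1" Type="{OFFICE_REL}styles" Target="styles.xml"/>'
    + f'<Relationship Id="rId2" Type="{OFFICE_REL}oleObject" '
      'Target="http://placeholder.invalid/page.html" TargetMode="External"/>'
    + "</Relationships>"
)
# Constructed sample: only an ordinary hyperlink, which should not be flagged.
CLEAN = build_sample(
    RELS_HEAD
    + f'<Relationship Id="rId1" Type="{OFFICE_REL}hyperlink" '
      'Target="https://example.com/" TargetMode="External"/>'
    + "</Relationships>"
)

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(label, external_references(sample))
```

A hit is a reason to inspect the attachment in isolation, not proof of exploitation; legitimate documents occasionally link external templates or images.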

10 Ways to Stay Protected from MSHTML Exploits and MerkSpy

While this specific exploit targets an older vulnerability, there’s always a risk of new ones emerging. Here are 10 essential security measures to keep yourself safe from similar attacks:

  1. Patch Early, Patch Often: Ensure your operating system, web browser (not just Internet Explorer!), and all applications are updated with the latest security patches as soon as they become available.
  2. Ditch Internet Explorer: Since Microsoft no longer actively supports Internet Explorer, consider switching to a more secure web browser like Chrome, Firefox, or Edge.
  3. Beware of Phishing Lures: Don’t open suspicious email attachments, even if they appear to be from legitimate sources. Verify the sender’s identity before opening any attachments.
  4. Enable Macro Security: In Microsoft Word and other Office applications, disable macros by default to prevent malicious scripts from running.
  5. Use a Security Solution: Install a reputable antivirus and anti-malware solution on your system and keep it updated with the latest virus definitions.
  6. Educate Users: Train employees and family members about cybersecurity best practices, including identifying phishing attempts and the dangers of opening suspicious attachments.
  7. Enable Two-Factor Authentication: Wherever possible, enable two-factor authentication (2FA) for all your online accounts to add an extra layer of security.
  8. Regular Backups: Regularly back up your critical data to a secure location. This will ensure you have a clean copy of your data in case of a ransomware attack.
  9. Be Wary of Public Wi-Fi: Avoid using public Wi-Fi networks for sensitive activities like online banking or accessing financial accounts. If necessary, use a VPN to encrypt your traffic.
  10. Stay Informed: Keep yourself updated on the latest cybersecurity threats and vulnerabilities. Reputable cybersecurity blogs and news sources can provide valuable information.

Conclusion: Vigilance is Key

The recent MerkSpy campaign demonstrates the constant evolution of cyber threats. Patching vulnerabilities promptly, adopting a layered security approach, and staying informed are crucial for staying secure in today’s digital landscape. By following the security best practices outlined above, you can significantly reduce your risk of falling victim to similar attacks and protect your sensitive information.

Remember, cybersecurity is a shared responsibility. By working together and implementing these measures, we can create a more secure digital environment for everyone.

Ouaissou DEMBELE