Microsoft has already pushed an update to tackle the bug present in Microsoft Word.
(CCM) — The company has identified a bug in Microsoft Word. The vulnerability is being exploited by scammers to steal users’ banking details. The company says it will patch the security loophole soon. The issue was identified by the detection scanner last weekend.
A cyber security firm, Proofpoint, revealed that the bug is spreading by an e-mail campaign to distribute Dridex malware. The malware is designed to attack a user's computer and steal banking logins, along with other vital information. In 2015, hackers stole more than £20m from British bank accounts using Dridex malware. The scam e-mail campaign distributes Dridex malware via Microsoft Word RTF [Rich Text Format] documents.
Proofpoint researchers said in a blog: "Because of the widespread effectiveness and rapid weaponization of this exploit, it is critical that users and organizations apply the patch as soon as it becomes available."
The bug is reportedly present in various versions of Microsoft Word for Windows, which allows the Dridex malware to be installed on the device. Microsoft did not confirm if versions for Mac are also vulnerable to the new threat. The company planned to fix the issue via an update scheduled on Tuesday April 11, 2017. Microsoft also warns users to avoid downloading any Word file received from unknown e-mail addresses until the bug is completely treated for all devices.
Image: © Hans Engbers - Shutterstock.com