A flaw in the InPage text editor was exploited to compromise financial institutions. The victims are in Sri Lanka, Uganda and Myanmar. The full modus operandi is dissected by a Kaspersky expert on the Securelist blog.
InPage zero-day exploit used to attack financial institutions in Asia
In September 2016, while researching a new wave of attacks, we found an interesting target which appeared to constantly receive spearphishes, a practice we commonly describe as a “magnet of threats”. Among all the attacks received by this magnet of threats, which included various older Office exploits such as CVE-2012-0158, one of them attracted our attention. This file, which was also uploaded to a multiscanner service in September 2016, had an extension that we were unfamiliar with – “.inp”. Further investigation revealed this was an InPage document. InPage, in case you are wondering, is publishing and text processing software, mostly popular with Urdu and Arabic speaking users.