Konni RAT Exploiting Word Docs to Steal Data from Windows

The return of Konni RAT and latest findings should not come as a surprise, considering that, as of 2022, the Microsoft Office Suite remains the most exploited set of tools by hackers for spreading malware.

Cybersecurity researchers at FortiGuard Labs have discovered a new malware campaign dubbed ‘Konni,’ which targets Windows systems through Word documents containing malicious macros. When unsuspecting users open or download the document, a remote access trojan (RAT) called Konni is executed.

The Konni RAT is a sophisticated malware incorporating self-defence mechanisms, with capabilities that include stealing login credentials, remote command execution, and the ability to execute commands with elevated privileges. Additionally, it can download and upload files.

It is worth noting that the Konni RAT is known for its previous targeting of Russia. Notably, it was the same malware used against North Korea following its missile tests in August 2017.

As for the latest campaign, the ...