Tuesday, April 29, 2025
HomeMalwareSmokeLoader Malware Abusing MS Office Document and Compromise Windows 8 ,10 Users...

SmokeLoader Malware Abusing MS Office Document and Compromise Windows 8 ,10 Users PC

Published on

SIEM as a Service

Follow Us on Google News

A dangerous malicious campaign SmokeLoader Malware abusing MS office document that spreading via spam Email and targetting windows 8 and above users.

Email medium is mainly used by attackers nowadays which carried out a variety of malware campaign and spreading across the world to infect a large number of users.

SmokeLoader Malware has acted and taken advantage of the infamous bug Meltdown and Spectre which affects almost all the modern processors and pushes Smoke Loader malware as a patch.

- Advertisement - Google News

In this case, attackers using a different kind of  Email body content to gain more trust from the targeting users and compromise them to believe it as a legitimate one.

Also, attacker injecting shellcode into office document and compromise users to enable the macro which leads to install the malicious code on the victim’s machine.

Also Read: Hacking Group Spies on and Steal Data from Android Users Posing Actress Nude Photos

How does this Smokeloader Malware infect the users

Initially, attacker distributing Spam Email campaign that contains an information about job applications which is not actually a legitimate content.

SmokeLoader Malware

The Mail also contains an attached zip file which is protected by a password and the password is clearly mentioned within the body of the Mail.

In this case, attacker protects an attached file with a password to evade the email security software.

Once the user opens the attachment, it promotes to enter the password which is given in the body of the email.

After users enter the password, a malicious word document will be downloaded which contains a Malicious macro code and the document keep asking users to enable the Macro to infect the user.

SmokeLoader Malware

Once the user enabled the macro, suddenly a PowerShell” script will be executed in the background and it will launch a payload.

According to QuickHeal, If we look closely, the malicious file is hosted as a poop.jpg file on the attacker’s server, which is actually an executable SmokeLoader malware. This file is dropped with the name DKSPKD.exe at %Temp% location and launched to perform malicious activities.

This Malware will be taking advantage of Microsoft Window 8 and above the platform and during the Execution process SmokeLoader malware can also download other malware to infect the user.

How to protect:

— Always keep your OS and software updated
— Train staff never open attachments or click on a URL in unsolicited e-mails
— Use Anti Spam Gateways such as Comodo Antispam Gateway for defense against spam, phishing emails, and virus-infected attachments
— Turn on Your Firewall
— Limit the user Privilege
— Use caution when clicking on links to web pages

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Researchers Uncover SuperShell Payloads and Various Tools in Hacker’s Open Directories

Cybersecurity researchers at Hunt have uncovered a server hosting advanced malicious tools, including SuperShell...

Cyber Espionage Campaign Targets Uyghur Exiles with Trojanized Language Software

A sophisticated cyberattack targeted senior members of the World Uyghur Congress (WUC), the largest...

Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks

A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent...

Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware

The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks

A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent...

Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware

The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux...

New Gremlin Stealer Advertised on Hacker Forums Targets Credit Card Data and Login Credentials

A formidable new information-stealing malware dubbed Gremlin Stealer has surfaced in the cybercrime underground,...