OpenDocument Malware Attacks Hotel Chains

A recently detected malware attacking hotels in Latin America is keeping security researchers very busy because of its stealth and sophistication. The malware, named OpenDocument, has very distinctive features that set it apart from other malware of its kind. The attack delivers its text files by email, disguised as guest registration documents. If the email is opened and the file is downloaded and executed, the recipient is asked to 'update fields with references to another file.' If the victim agrees, an Excel file opens.

The Excel file is where the infection lies. It prompts the victim to enable macros, and enabling them triggers the whole infection process. First, AsyncRAT is installed: a Remote Access Tool that gives third parties control and remote surveillance of infected endpoints over a secure, encrypted connection.

From there on, the attackers can perform countless harmful actions, such as collecting the victims' information, including bank account details, passwords and other personal details, which may lead to identity theft. They can also add the infected computer to a botnet.

The OpenDocument Malware is a good example of why we need to be extra suspicious when receiving documents from unknown sources. These documents should be analyzed and researched carefully before being opened. This way big problems will be avoided.
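One way to do that analysis without opening the file, as an added example that is not part of the original article: an OpenDocument file is a ZIP package, so its XML can be scanned for links that point outside the package, the kind of reference the 'update fields' prompt asks about. The sample document, its `example.invalid` URLs, the size cap and the function names are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Targets outside the package: URI scheme or drive letter, UNC path, absolute or parent path.
EXTERNAL = re.compile(r"^(?:[A-Za-z][A-Za-z0-9+.-]*:|\\\\|/|\.\./)")
MAX_MEMBER = 20 * 1024 * 1024  # assumed cap so an oversized XML member is not parsed


def external_links(odf_bytes):
    """Return sorted (member, element, href) for links that leave the package."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        for info in pkg.infolist():
            if not info.filename.endswith(".xml") or info.file_size > MAX_MEMBER:
                continue
            try:
                root = ET.fromstring(pkg.read(info))
            except ET.ParseError:
                continue  # malformed member: nothing to extract here
            for el in root.iter():
                tag = el.tag.rsplit("}", 1)[-1]
                href = el.get(XLINK_HREF, "")
                # Assumption: hyperlinks (<text:a>) need a click, so they are skipped;
                # links on any other element are reported for review.
                if tag != "a" and EXTERNAL.match(href):
                    found.add((info.filename, tag, href))
    return sorted(found)


def build_sample():
    """Constructed ODT: one remote object link, one embedded image, one hyperlink."""
    content = (
        '<office:document-content'
        ' xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"'
        ' xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"'
        ' xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0"'
        ' xmlns:xlink="http://www.w3.org/1999/xlink"><office:body><office:text>'
        '<draw:frame><draw:object xlink:href="https://files.example.invalid/reg"/></draw:frame>'
        '<draw:frame><draw:image xlink:href="Pictures/logo.png"/></draw:frame>'
        '<text:p><text:a xlink:href="https://hotel.example.invalid/">site</text:a></text:p>'
        '</office:text></office:body></office:document-content>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        pkg.writestr("content.xml", content)
    return buf.getvalue()
```

Pass the raw bytes of a received attachment to `external_links` on an isolated analysis host; an empty result means no external link was found in the package XML, not that the file is safe.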

By Tova
July 21, 2022
