Asruex Malware Exploits Old Vulnerabilities to Infect PDF, Word Docs

August 26, 2019


A recently observed variant of the Asruex backdoor acts as an infector by targeting old vulnerabilities in Microsoft Office and Adobe Reader and Acrobat 9.x, Trend Micro reports.

Asruex was initially discovered in 2015 and was previously associated with the spyware DarkHotel. In addition to backdoor capabilities, the malware also appears to be able to inject code into Word and PDF files by targeting two old vulnerabilities tracked as CVE-2012-0158 and CVE-2010-2883.

These unique infection capabilities potentially make attacks more difficult to detect, given that security researchers might not consider checking files for an Asruex infection and might instead keep an eye out only for its backdoor abilities.

Read More on Security Week