Hackers have exploited a WPS Office zero-day to deploy dangerous malware

News
By published

Hackers use existing zero-day to drop a new backdoor

WPS Office
(Image credit: WPS Office)
Jump to:

The popular WPS Office workplace productivity software suite carried a vulnerability which allowed some threat actors to deploy backdoors to their target’s endpoints, experts have claimed.

Cybersecurity researchers at ESET found WPS Office was vulnerable to an improper path validation flaw, tracked as CVE-2024-7262. It carries a severity score of 9.3 (critical), and impacts multiple versions (from 12.2.0.13110, to 12.1.0.16412). The first patch to address the issue came out in March 2024, but some threat actors were allegedly already exploiting it a month earlier.

A South Korean state-sponsored group, known as APT-C-60, was using the flaw to drop a backdoor called SpyGlace to endpoints in East Asia, which makes sense, since WPS Office is quite popular in that part of the world and reportedly has more than 500 million active users. SpyGlace seems to be a brand new piece of malware, since there are no reports of it prior to this incident.

Failing to patch

Kingsoft, the company behind WPS Office, released a patch for the improper path validation flaw in March 2024, but the patch did not fully address the problem. As a result, it introduced an additional vulnerability, tracked as CVE-2024-7263, which was fixed two months later, in May.

While no threat actors seem to have noticed the newly introduced bug, no one was exploiting it - however, chances are it’s only a matter of time before someone picks up the trail.

To remain secure, and address both vulnerabilities, WPS Office users are advised to update their software to the latest version, without hesitation. The first “clean” version is 12.2.0.17119.

"The exploit is cunning as it is deceptive enough to trick any user into clicking on a legitimate-looking spreadsheet while also being very effective and reliable," ESET said in its report. "The choice of the MHTML file format allowed the attackers to turn a code execution vulnerability into a remote one."

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
Outlook
Dangerous Microsoft Outlook flaw could let hackers send out malware via email
Representational image depecting cybersecurity protection
Hackers are breaking SonicWall products to target business networks
A computer being guarded by cybersecurity.
Worrying Windows security issue patched by 7-Zip, so patch now
The best free firewall
Microsoft fixes Power Pages security flaw, tells users to be on their guard
A computer being guarded by cybersecurity.
Huge cyberattack found hitting vulnerable Microsoft-signed legacy drivers to get past security
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Google Gemini AI
Gemini can now see your screen and judge your tabs
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
AMD Ryzen 9950X

I analyzed 25 AMD Zen 4 and Zen 5 CPUs and the Ryzen 9 9900X is the best of them all right now: Here’s why
See more latest
Most Popular
AMD Ryzen 9950X
I analyzed 25 AMD Zen 4 and Zen 5 CPUs and the Ryzen 9 9900X is the best of them all right now: Here’s why
Ugreen \00d7 Genshin Impact Kinich Collectible Gift Box and exclusive Genshin Impact merchandise.
Ugreen reveals exclusive Genshin Impact collection and they're some of the most eye-catching charging products I've ever used
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Google Gemini AI
Gemini can now see your screen and judge your tabs
iFi iDSD Valkyrie in gold, on a beige desk
iFi's iDSD Valkyrie DAC wants to guide your music to the great hall of Valhalla
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now