17 September 2024, Tue |
8:06 AM
ESET researchers have uncovered two critical vulnerabilities in WPS Office for Windows (CVE-2024-7262 and CVE-2024-7263), which were being exploited by a cyberespionage group, APT-C-60. The group targeted users in East Asia, leveraging these flaws to deploy a custom backdoor, internally named “SpyGlace” by ESET.
APT-C-60 used a malicious MHTML spreadsheet document, designed to trigger remote code execution when opened in the WPS Spreadsheet application. The document contained a hidden hyperlink that executed a remote library, exploiting a flaw in the WPS software. “The WPS Office software has over 500 million active users worldwide, making it a prime target for large-scale attacks, particularly in East Asia,” said Romain Dumont, ESET researcher.
During the investigation, ESET uncovered a second vulnerability (CVE-2024-7263) related to improper input validation. Both vulnerabilities have since been patched following a coordinated disclosure process between ESET and Kingsoft, the developers of WPS Office.
The attack, however, raised concerns about patch verification processes, as the initial patch failed to fully address the underlying issue. ESET urges all WPS Office for Windows users to update their software immediately to ensure protection from these critical vulnerabilities.
