Researchers at HP have discovered a new malware loader that they’ve dubbed SVCReady.  While new malware strains are common, this one is distinct for a couple of different reasons.

Like many malicious programs, this spreads primarily via phishing email campaigns.  One way that this new strain differs however, is the fact that the malware is loaded onto the target machine via specially crafted Word documents attached to the email.

The idea is that these Word documents leverage VBGA macro code to execute shellcode that’s stored in the properties of the Word document.  That’s both new and dangerous.

The HP researchers found evidence that tracks the malicious code back to its origin in April of 2022, with the developers releasing several updates just one month later in May.  The number of updates is suggestive of a large, well-organized team that is committed to continued development of their new toy.

Currently, SVCReady boasts the following capabilities:

  • Download a file to the infected client
  • Take a screenshot
  • Run a shell command
  • Check if it is running in a virtual machine
  • Collect system information (a short and a “normal” version)
  • Check the USB status, i.e., the number of devices plugged-in
  • Establish persistence through a scheduled task
  • Run a file
  • And run a file using RunPeNative in memory

In addition to these capabilities, SVCReady can also fetch additional payloads from the command-and-control server.  While the bullet points above are dangerous in their way, it is the last, recently added capability that makes the new malware strain especially dangerous.  It enables the hackers to tailor the level of destruction for each infected target.

Worse, the new strain contains bits of code that lead the HP researchers to conclude that the threat actor TA551 may be behind it.  This is a large, well-organized group with ties to multiple other hacking organizations and ransomware affiliates. That implies that SVCReady may soon become much more widely available than it is now.

You will want to be sure this one stays on your radar.

Related Posts - TKS Blog
Microsoft 365 Cloud Modernization: IT Director Roadmap
For IT Directors, cloud migration is no longer about whether to move to Microsoft 365; it’s about how to modernize correctly without creating long-term architectural...
Read more
February 16, 202611:12 am
How Microsoft 365 Migration Impacts Workflow
You’ve probably heard leadership talk about cloud migration or Microsoft 365 modernization. These phrases often come up in company updates, IT meetings, or strategic planning...
Read more
February 16, 20264:37 pm
Cloud Computing for Business Growth: Scalability, Migration & Multi-Cloud Strategy
Organizations that rely solely on traditional, on-premises infrastructure often struggle with scalability, rising IT costs, limited agility, and increased operational risk. Cloud computing technology has fundamentally...
Read more
February 16, 20264:38 pm
Cybersecurity in 2026: Resolutions Every Business Owner Should Make
A New Year Offers the Perfect Moment to Refresh Your Security Strategy The calendar has flipped to 2026, and while personal resolutions are top of mind,...
Read more
January 16, 202611:57 am

Used with permission from Article Aggregator