Rotten Tomato malware targets Microsoft Word

News by Ava Fedorov

This week, researchers at SophosLabs released a research report revealing an APT malware campaign dubbed “Rotten Tomato,” a reference to the Tomato Garden campaign.

The analysis demonstrates that several groups are using the identical zero-day Microsoft Word exploit in a targeted attack campaign that has been traced back to Russia.

Part of the PlugX family of malware, Rotten Tomato was intended as a dual-weapon attack, but one of the weapons failed. Even so, the report emphasises, the malware remains a true threat, and increases the chance of infection in systems where prior vulnerabilities had already been fixed.

Gabor Szappanos, researcher at SophosLabs, has been closely monitoring this sector of malware since 2012 and notes that, as common malware groups increasingly copy APTs, “the narrow line between them (APTs and common malware attacks) is becoming harder to define.”
