Evasive Malware Campaign Abuses Free Cloud Service, Targets Korean Speakers
released on 2017-09-22 @ 06:31:05 PM
Earlier this month, FortiGuard Labs researchers published findings about a malware campaign exploiting a PowerPoint vulnerability. Cybercriminals, however, are equal-opportunity exploiters, so just recently an interesting targeted malware campaign was found to be using another document vulnerability. Only this time, it’s a Hangul Word Processor (HWP) document leveraging the already known CVE-2015-2545 Encapsulated PostScript (EPS) vulnerability.
Aside from this campaign’s motivation, what grabbed our attention was the way it utilizes pCloud, a free cloud service, for data storage and communication. Although this technique has been used before by other malware campaigns, it is still not a common strategy. We also discovered, based on the samples we gathered, that the malware, which we call CloudTap, has been in use for over a year.
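The defensive angle on the pCloud abuse described above is that a legitimate cloud-storage service will rarely be blocked outright, so detection has to key on *which process* is talking to it rather than on the destination alone. The following is an added example, not FortiGuard's own tooling or anything from the CloudTap samples: it parses a few constructed proxy-log lines and flags connections to pCloud hosts that originate from processes other than a browser or the official sync client, adding a second reason when the upload volume is large. The pCloud hostnames, the process allow-list and the log format are assumptions for illustration and should be replaced with whatever your own proxy emits and your own traffic baseline shows.

```python
"""Flag cloud-storage traffic from processes that have no business producing it.

Added example for this page (not FortiGuard's code). The hostnames, allow-list
and log format below are assumptions, not indicators from the campaign.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Assumed pCloud service hostnames; verify against your own traffic baseline.
CLOUD_STORAGE_HOSTS = {"pcloud.com", "api.pcloud.com", "eapi.pcloud.com"}

# Processes a user legitimately drives to a cloud-storage site (assumed).
ALLOWED_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe", "pcloud.exe"}


@dataclass
class ProxyEvent:
    timestamp: str
    workstation: str
    process: str      # image name reported by the endpoint/proxy agent
    dst_host: str     # destination hostname (SNI or Host header)
    bytes_out: int    # bytes sent from the client to the destination


# Constructed sample log: "<ts> <workstation> <process> <dst_host> <bytes_out>".
SAMPLE_LOG = """\
2017-09-22T10:01:02Z WS-01 chrome.exe api.pcloud.com 843
2017-09-22T10:03:15Z WS-01 Hwp.exe api.pcloud.com 512
2017-09-22T10:03:44Z WS-01 updater.exe eapi.pcloud.com 2310000
2017-09-22T10:05:00Z WS-02 msedge.exe mail.example.com 120
"""


def parse_log(text: str) -> List[ProxyEvent]:
    """Parse the whitespace-separated sample format; skip blank/malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, ws, proc, host, out = parts
        events.append(ProxyEvent(ts, ws, proc, host.lower(), int(out)))
    return events


def is_cloud_storage_host(host: str) -> bool:
    """Exact match or any subdomain of a listed cloud-storage host."""
    return any(host == h or host.endswith("." + h) for h in CLOUD_STORAGE_HOSTS)


def find_cloud_abuse(log_text: str, upload_threshold: int = 1_000_000
                     ) -> List[Tuple[str, str, List[str]]]:
    """Return (process, dst_host, reasons) for each suspicious event.

    A connection is suspicious when it reaches a cloud-storage host from a
    process outside the allow-list; a large outbound volume adds a second
    reason, since bulk upload from such a process looks like staging/exfil.
    """
    findings = []
    for ev in parse_log(log_text):
        if not is_cloud_storage_host(ev.dst_host):
            continue
        if ev.process.lower() in ALLOWED_PROCESSES:
            continue
        reasons = ["unexpected-process"]
        if ev.bytes_out >= upload_threshold:
            reasons.append("large-upload")
        findings.append((ev.process, ev.dst_host, reasons))
    return findings


if __name__ == "__main__":
    for proc, host, why in find_cloud_abuse(SAMPLE_LOG):
        print(f"{proc} -> {host}: {', '.join(why)}")
```

The allow-list approach deliberately avoids blocking the service: it surfaces a document-handling process (here the constructed Hwp.exe entry) or an unknown binary reaching the storage API, which is the shape of behaviour a campaign that parks its payloads and results on a free cloud account would produce, while leaving ordinary browser use alone.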