Researchers at Proofpoint first spotted the malicious RTF template injections in March 2021, and the firm expects it to become more widely used as time goes on.
Here’s what’s happening, according to Proofpoint:
To put it simply, threat actors are placing malicious URLs in the RTF file through the template function, which can then load malicious payloads into an application or perform Windows New Technology LAN Manager (NTLM) authentication against a remote URL to steal Windows credentials, which could be disastrous for the user who opens these files.
Where things get really scary is that these have a lower detection rate by antivirus apps when compared to the well-known Office-based template injection technique. That means you might download the RTF file, run it through an antivirus app and think it’s safe when it’s hiding something sinister.
So what can you do to avoid it? Simply don’t download and open RTF files (or any other files, really) from people you don’t know. If something seems suspicious, it probably is. Be careful what you download, and you can mitigate the risk of these RTF template injection attacks.
RELATED: Want to Survive Ransomware? Here’s How to Protect Your PC
