Japanese word processor Ichitaro vulnerability is being exploited in wild targeted attacks, says the advisory published by JustSystem. Symantec noticed and reported the exploitation back in February but it was then a minimal attack and was also limited to the Japanese users.
Ichitaro is a recognized Japanese word processor produced by JustSystems. It occupies the second share in Japanese word-processing software, behind Microsoft Word.
The attackers send a specially crafted Ichitaro document file as an attachment and when a user opens the attachment the arbitrary code is executed and the backdoor Trojan malware lands onto the computer. This specially crafted .JTD file when exploited can be used to drop and execute files.
The malicious file that exploits this new vulnerability in Ichitaro has been detected as Trojan.Tarodrop.M. JustSystems, Ichitaro’s publisher, provides the patch as a remedy to this malicious attack and users must apply it to evade this backdoor Trojan landing on their system via phishing emails.
Until users install the patch in their system, JustSystem advices them to be cautious in opening any suspicious document file in Ichitaro especially those received from the unknown sources.
This malware can compromise a system completely. This is not for the first time that Ichitaro vulnerabilities are used for targeted attacks. The number of targeted attacks on this Japanese word processor has increased in past few months which include the language specific regional attacks. The users of Ichitaro need to be extra careful as the popularity of this processor makes it much prone to such malicious attacks, says Symantec.