The backdoor code was distributed via automatic update functionality. The infected version 10.01.189 contained backdoor code, which downloaded and installed NotPetya ransomware along with other tools, indented to distribute malware within local network. 75% of victims were located in Ukraine.
NotPetya
Vulnerability details
Advisory: SB2017062710 - Backdoor in M.E.Doc software
Vulnerable component: M.E.Doc
CVE-ID:
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-20 - Improper input validation
Description:
The security issue exists due to presence of backdoor code in updates, distributed from the official website. After update installation, the system becomes infected with NotPetya ransomware.
Malware, present in the code, also performs various attempts to infect other systems.