Cyber-security researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely.
The tool — dubbed “APOMacroSploit” — is a macro exploit generator that allows the user to create an Excel document capable of bypassing antivirus software, the Windows Antimalware Scan Interface (AMSI), and even Gmail and other email-based phishing detection.
APOMacroSploit is believed to be the work of two French-based threat actors “Apocaliptique” and “Nitrix,” who are estimated to have made at least $5000 in less than two months selling the product on HackForums.net.
About 40 hackers in total are said to be behind the operation, utilizing 100 different email senders in a slew of attacks targeting users in more than 30 different countries. The attacks were spotted for the first time at the end of November 2020, according to cyber-security firm Check Point.
“The malware infection begins when the dynamic content of the attached XLS document is enabled, and an XLM macro automatically starts downloading a Windows system command script,” the firm said in a Tuesday report.