Security firm Zscaler has warned of more cyber nastiness after it discovered malicious documents that evade detection by using a new technique.
It seems attackers are enabling macros within malicious Microsoft Word documents as part of their attempt to evade the analysis systems used by anti-virus tools.
Malicious executables hidden within documents are not a new phenomenon, but attackers are increasingly utilising new techniques to make it harder for security software to detect them proactively, blogged Zscaler.
Zscaler said that attackers are now making use of macros, which of course are pieces of code embedded inside Microsoft Office documents (usually written in Visual Basic). Microsoft Office disables macros by default, but attackers are now apparently “using clever social engineering tactics to lure the user into enabling the macros.”
And it seems that malware authors making the macro code extremely difficult to detect by signature based systems.
“If any of these anti-VM or anti-sandbox checks is positive then the VBA macro code execution terminates and the end malware payload does not get downloaded on the system shielding it from automated analysis and detection,” said Zscaler. “Alternately, the malicious document will download and install a malware executable on the victim’s system if all the anti-VM checks fail.”
“Malicious documents with highly obfuscated macros have become an increasingly popular vector among cyber criminals to deliver malware executable payloads,” said Zscaler. “By adding newer anti-VM and anti-analysis techniques to the malicious documents itself, the attackers are protecting the end executable payloads from being downloaded and detected by the automated analysis systems.”
The firm advises users to never trust documents that prompt them to enable macros in order to view the content.
In March Microsoft made it tougher for enterprises to fall victim to macro-based attacks that prey on Office users. It implemented a new policy-setting feature in Office 2016 that allows administrators to block macros from untrusted sources.
Despite that, macro-based malware continues to be a thorn in the side of IT departments tasked with securing their organisations’ systems.
Are you a security pro? Try our quiz!
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…