Microsoft Outlook Users Targeted By Gamaredon’s New VBA Macro (Security News, June 2020)
The VBA macro leverages compromised victims' Microsoft Outlook email accounts to send spear-phishing emails to their contacts - rapidly widening the potential attack surface.
Researchers say, while abusing a compromised mailbox to send malicious emails is not a new technique, this is the first publicly documented case of an attack group using both an Outlook macro and an OTM file to do so.
The code runs a VBScript that first kills the victim's Outlook process, and then removes any security protections around VBA macro execution in Outlook by changing registry values.
Researchers said, while tools utilized by Gamaredon have historically been very simple and are designed to gather sensitive data from compromised systems, the Outlook VBA module may reflect future sophistication in cyberattacks.
"Despite the simplicity of most of their tools, the Gamaredon group also is capable of deploying some novelty, such as their Outlook VBA module," they said.
News URL
https://threatpost.com/microsoft-outlook-users-targeted-by-gamaredons-new-vba-macro/156484/