
Researchers Unmask Hackers Behind APOMacroSploit Malware Builder
2021-02-17 22:18

Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely.

About 40 hackers in total are said to be behind the operation, using 100 different email sender addresses in a series of attacks against users in more than 30 countries.

"The malware infection begins when the dynamic content of the attached XLS document is enabled, and an XLM macro automatically starts downloading a Windows system command script," Check Point Research said in a Tuesday report. XLM macros are the legacy Excel 4.0 macro format, stored in macro sheets rather than in a VBA project, which is why many VBA-oriented macro scanners overlook them.

The downloaded script then executes the malware on the Windows host, but only after adding the malware's location to the Windows Defender exclusion list and disabling Windows cleanup.
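The chain described above (Excel macro launches a command script, the script excludes a directory from Defender, then runs the payload from that directory) maps onto three process-creation detections that correlate across events. The following is an added example written for this page, not code from the Check Point report or from the malware: the event shape is loosely modelled on Sysmon Event ID 1 fields, the four sample events are constructed by hand, and the rule names (`office_spawns_script_host`, `defender_exclusion_added`, `execution_from_excluded_path`) are this example's own.

```python
"""Replay constructed process-creation records through three correlated rules.

Added example for illustration only; the events below are hand-written, not
taken from the APOMacroSploit report.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Add-MpPreference / Set-MpPreference ... -ExclusionPath <path>, quoted or bare.
EXCLUSION_RE = re.compile(
    r"(?i)\b(?:Add|Set)-MpPreference\b[^;|]*?-ExclusionPath\s+(?:'([^']+)'|\"([^\"]+)\"|(\S+))"
)


@dataclass(frozen=True)
class ProcessEvent:
    event_id: int
    parent_image: str   # full path of the parent process
    image: str          # full path of the newly created process
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name component of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def norm_dir(path: str) -> str:
    return path.replace("/", "\\").rstrip("\\").lower()


def under(path: str, directory: str) -> bool:
    """True if `path` is `directory` itself or lies beneath it (case-insensitive)."""
    p, d = norm_dir(path), norm_dir(directory)
    return p == d or p.startswith(d + "\\")


def analyze(events: List[ProcessEvent]) -> List[Tuple[int, str, str]]:
    """Return (event_id, rule, detail) alerts; events must be in chronological order."""
    alerts: List[Tuple[int, str, str]] = []
    excluded_dirs: List[str] = []  # directories excluded earlier in the stream
    for ev in events:
        # Rule 1: an Office application launching a script/command host
        # (the macro kicking off the downloaded command script).
        if basename(ev.parent_image) in OFFICE_HOSTS and basename(ev.image) in SCRIPT_HOSTS:
            alerts.append((ev.event_id, "office_spawns_script_host", ev.command_line))
        # Rule 2: a Defender exclusion path being added from a command line.
        for m in EXCLUSION_RE.finditer(ev.command_line):
            path = next(g for g in m.groups() if g)
            excluded_dirs.append(path)
            alerts.append((ev.event_id, "defender_exclusion_added", path))
        # Rule 3: a later process image living inside a directory excluded by rule 2.
        for d in excluded_dirs:
            if under(ev.image, d):
                alerts.append((ev.event_id, "execution_from_excluded_path", ev.image))
                break
    return alerts


# Constructed sample telemetry for this example (paths and file names are invented).
SAMPLE_EVENTS = [
    ProcessEvent(1, r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r"C:\Windows\System32\cmd.exe",
                 r'cmd.exe /c "C:\Users\victim\AppData\Local\Temp\update.bat"'),
    ProcessEvent(2, r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -NoP -Command Add-MpPreference -ExclusionPath 'C:\Users\victim\AppData\Roaming\svc'"),
    ProcessEvent(3, r"C:\Windows\System32\cmd.exe",
                 r"C:\Users\victim\AppData\Roaming\svc\host.exe",
                 r"C:\Users\victim\AppData\Roaming\svc\host.exe"),
    ProcessEvent(4, r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

Rule 3 is the one worth keeping stateful: an exclusion addition on its own is noisy on admin workstations, but a binary executing from a directory that was excluded moments earlier, in a chain rooted at an Office process, is rarely legitimate. In production the same correlation would be keyed per host and bounded by a time window rather than kept for the whole stream.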

In one of the attacks, the malware, a Delphi crypter followed by a second-stage remote access Trojan called BitRAT, was found hosted on a Bulgarian website selling medical equipment and supplies, suggesting that the attackers had compromised the site to host the malicious executable.

Using "crypters" or "packers" has become increasingly popular among threat actors, not only to compress samples but also to make them more evasive and harder to reverse engineer.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/TEqwkRLX2Sk/researchers-unmask-hackers-behind.html