Security News > 2021 > April > EtterSilent maldoc builder used by top cybercriminal gangs
A malicious document builder named EtterSilent is gaining more attention on underground forums, security researchers note.
Ads promoting EtterSilent maldoc builder have been published on underground forums since at least mid-2020, boasting features like bypassing Windows Defender, Windows AMSI, and popular email services, Gmail included.
An EtterSilent maldoc with macro code can pose as a DocuSign or DigiCert document that asks users to enable macros, which then download a payload in the background.
The researchers note that an EtterSilent maldoc was included in a recent spam campaign that dropped an updated version of Trickbot.
Intel 471 says that other cybercriminal groups leveraged EtterSilent services for their operations.
Gangs as prolific as these are constantly looking for new ways to distribute their payloads while drawing as little attention as possible, and the EtterSilent maldoc service appears to provide good cover.