Security News > 2021 > July > Microsoft Office Users Warned on New Malware-Protection Bypass
Legacy users of Microsoft Excel are being targeted in a malware campaign that uses a novel malware-obfuscation technique to disable Office defenses and deliver the Zloader trojan.
The attack, according to research published Thursday by McAfee, marries functions in Microsoft Office Word and Excel to work together to download the Zloader payload, without triggering an alert warning for end users of the malicious attack.
"The malware arrives through a phishing email containing a Microsoft Word document as an attachment. When the document is opened and macros are enabled, the Word document, in turn, downloads and opens another password-protected Microsoft Excel document," researchers wrote.
Because Microsoft Office automatically disables macros, the attackers attempt to trick recipients of the email to enable them with a message appearing inside the Word document.
VBA is Microsoft's programming language for Excel, Word and other Office programs.
Malware authors achieve the warning bypass by embedding instructions in the Word document to extract the contents from the Excel cells, researchers wrote.
News URL
https://threatpost.com/microsoft-office-malware-protection-bypass/167652/
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections (source)
- 65% of office workers bypass cybersecurity to boost productivity (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- Microsoft fixes bug behind random Office 365 deactivation errors (source)