Security News > 2021 > July > Microsoft Office Users Warned on New Malware-Protection Bypass

Microsoft Office Users Warned on New Malware-Protection Bypass
2021-07-09 17:42

Legacy users of Microsoft Excel are being targeted in a malware campaign that uses a novel malware-obfuscation technique to disable Office defenses and deliver the Zloader trojan.

The attack, according to research published Thursday by McAfee, marries functions in Microsoft Office Word and Excel to work together to download the Zloader payload, without triggering an alert warning for end users of the malicious attack.

"The malware arrives through a phishing email containing a Microsoft Word document as an attachment. When the document is opened and macros are enabled, the Word document, in turn, downloads and opens another password-protected Microsoft Excel document," researchers wrote.

Because Microsoft Office automatically disables macros, the attackers attempt to trick recipients of the email to enable them with a message appearing inside the Word document.

VBA is Microsoft's programming language for Excel, Word and other Office programs.

Malware authors achieve the warning bypass by embedding instructions in the Word document to extract the contents from the Excel cells, researchers wrote.


News URL

https://threatpost.com/microsoft-office-malware-protection-bypass/167652/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399