Security News > 2021 > July > Microsoft Office Users Warned on New Malware-Protection Bypass
Legacy users of Microsoft Excel are being targeted in a malware campaign that uses a novel malware-obfuscation technique to disable Office defenses and deliver the Zloader trojan.
The attack, according to research published Thursday by McAfee, marries functions in Microsoft Office Word and Excel to work together to download the Zloader payload, without triggering an alert warning for end users of the malicious attack.
"The malware arrives through a phishing email containing a Microsoft Word document as an attachment. When the document is opened and macros are enabled, the Word document, in turn, downloads and opens another password-protected Microsoft Excel document," researchers wrote.
Because Microsoft Office automatically disables macros, the attackers attempt to trick recipients of the email to enable them with a message appearing inside the Word document.
VBA is Microsoft's programming language for Excel, Word and other Office programs.
Malware authors achieve the warning bypass by embedding instructions in the Word document to extract the contents from the Excel cells, researchers wrote.
News URL
https://threatpost.com/microsoft-office-malware-protection-bypass/167652/
Related news
- Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed (source)
- Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 (source)
- Microsoft: Office 2016 and Office 2019 reach end of support in October (source)
- Microsoft will update Office apps on Windows 10 until 2028 (source)
- South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware (source)