Security News > 2021 > July > Microsoft Office Users Warned on New Malware-Protection Bypass
Legacy users of Microsoft Excel are being targeted in a malware campaign that uses a novel malware-obfuscation technique to disable Office defenses and deliver the Zloader trojan.
The attack, according to research published Thursday by McAfee, marries functions in Microsoft Office Word and Excel to work together to download the Zloader payload, without triggering an alert warning for end users of the malicious attack.
"The malware arrives through a phishing email containing a Microsoft Word document as an attachment. When the document is opened and macros are enabled, the Word document, in turn, downloads and opens another password-protected Microsoft Excel document," researchers wrote.
Because Microsoft Office automatically disables macros, the attackers attempt to trick recipients of the email to enable them with a message appearing inside the Word document.
VBA is Microsoft's programming language for Excel, Word and other Office programs.
Malware authors achieve the warning bypass by embedding instructions in the Word document to extract the contents from the Excel cells, researchers wrote.
News URL
https://threatpost.com/microsoft-office-malware-protection-bypass/167652/
Related news
- Microsoft Office LTSC 2024 preview available for Windows, Mac (source)
- Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- GitHub comments abused to push malware via Microsoft repo URLs (source)
- New Latrodectus malware attacks use Microsoft, Cloudflare themes (source)
- Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (source)
- Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version (source)
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)