Next-Gen Maldocs & How to Solve the Human Vulnerability

2021-12-10 19:29

The adversary may set up a "Lookalike" website, masquerading as a page that the user expected and intended to go to, but which instead delivers username and password combos to the threat actor when victims attempt to log in.

Let's turn our focus to this file-attachment attack vector-specifically, malicious Microsoft Office documents, which can run code with a macro.

Can execute code via macros if they are given explicit user permission.

In the snippet of code above, the process to emulate "Decrypting" the content is shown-simply switching out the original document with content that is saved in an attached template, taking advantage of another feature of Microsoft Word to hide things from the user.

It generates an output that gives threat researchers a chunk of macro code to see if any of that code warrants additional attention.

ViperMonkey can find those pieces of code and piece them together to be analyzed.

News URL

https://threatpost.com/maldocs-malicious-office-documents-human-vulnerability/176916/

#nextgen #vulnerability