Hackers weaponize Microsoft Visual Studio add-ins to push malware
Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office (VSTO) more often as a method to achieve persistence and execute code on a target machine via malicious Office add-ins.
NET-based malware and embedding it into the Office add-in.
VSTO is a software development kit, part of Microsoft's Visual Studio IDE. It is used to build VSTO add-ins, which are extensions for Office applications that can execute code on the machine.
These add-ins can be packaged with the document files or downloaded from a remote location and are executed when launching the document with the associated Office app.
Deep Instinct noticed some attacks using remote VSTO add-ins.
In one attack that Deep Instinct saw targeting users in Spain, the add-in payload executed an encoded and compressed PowerShell script on the computer.
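For triage, the local-versus-remote distinction described above can be read from the document itself. The following is an added example, not code from the article or from Deep Instinct. It assumes the `_AssemblyLocation` and `_AssemblyName` custom document properties that Microsoft's VSTO documentation describes for document-level customizations (these names are not given on this page), and the sample documents and GUID are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

CUSTOM_PROPS = "docProps/custom.xml"  # OOXML part holding custom document properties
CP = "{http://schemas.openxmlformats.org/officeDocument/2006/custom-properties}"

def vsto_reference(ooxml_bytes):
    """Return {'manifest', 'remote'} if the file points at a VSTO add-in, else None."""
    try:
        with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as pkg:
            if CUSTOM_PROPS not in pkg.namelist():
                return None
            raw = pkg.read(CUSTOM_PROPS)
    except zipfile.BadZipFile:
        return None  # not an OOXML package (e.g. legacy binary format): out of scope
    if b"<!DOCTYPE" in raw:
        raise ValueError("DTD in custom.xml; refusing to parse untrusted entities")
    props = {p.get("name"): "".join(p.itertext()).strip()
             for p in ET.fromstring(raw).iter(CP + "property")}
    location = props.get("_AssemblyLocation")
    if not location:
        return None
    # Value is "<path or URL of .vsto manifest>|<solution GUID>[|vstolocal]".
    manifest = location.split("|", 1)[0]
    scheme = urlparse(manifest).scheme.lower()
    remote = scheme in ("http", "https", "ftp") or manifest.startswith("\\\\")
    return {"manifest": manifest, "remote": remote}

def build_sample(location):
    """Constructed test input: a minimal package carrying only custom.xml."""
    xml = ('<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/'
           'custom-properties" xmlns:vt="http://schemas.openxmlformats.org/'
           'officeDocument/2006/docPropsVTypes">'
           '<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="2" '
           'name="_AssemblyLocation"><vt:lpwstr>%s</vt:lpwstr></property>'
           '<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="3" '
           'name="_AssemblyName"><vt:lpwstr>*</vt:lpwstr></property></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr(CUSTOM_PROPS, xml % location)
    return buf.getvalue()

GUID = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
if __name__ == "__main__":
    for loc in ("https://addins.example.invalid/a.vsto|" + GUID,
                "Addin.vsto|" + GUID + "|vstolocal"):
        print(vsto_reference(build_sample(loc)))
```

A hit with `remote` set to true means Office would fetch the add-in from a network location when the document is opened, which is the case worth escalating at a mail or web gateway.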