New Malspam Disables Msoft Office Macro Security

By ISBuzz Team
Writer, Information Security Buzz | Jul 12, 2021 04:35 am PST


A new malspam variant that bypasses Office macro security to download Zloader was disclosed by McAfee on their blog Thursday. The variant disables Office defenses and delivers the Zloader banking trojan using a Word doc that downloads an XLS file. This chain downloads and executes malicious DLLs (Zloader) without any malicious code being present in the macro of the initial spammed attachment. An expert with Gurucul offers perspective.

Saryu Nayyar, CEO
InfoSec Expert
July 12, 2021 12:36 pm

As pervasive as anti-malware software is, malware developers continue to come up with innovative approaches to infecting systems and devices. In the latest case, Microsoft reports that a phishing email with a Word attachment has the potential to take over systems. Opening the document causes it to download an Excel file from a remote server, whose contents are loaded into Visual Basic for Applications as macros. The Word doc disables the Excel macro warning and executes the macros, which download and execute the Zloader malware payload.

It’s a unique way of infecting a computer through several intermediate steps, and not actually downloading malware until the very last steps. Monitoring data on system downloads and executions will enable enterprises to identify a potential problem before Zloader can be executed. As attacks get more and more sophisticated, enterprises need an early warning system before malware can cause a crisis.

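The monitoring idea raised in the comment above, sketched as an added example (not code from McAfee, Gurucul or this article): it correlates process and registry events per host and alerts when at least two stages of the Word-to-Excel-to-DLL chain appear within ten minutes. The event field names, hosts and paths are hypothetical, and the registry value names (`VBAWarnings`, `AccessVBOM`) and the DLL host processes are assumptions about how the stages would surface in telemetry; the article does not name them.

```python
from datetime import datetime, timedelta

OFFICE = {"winword.exe", "excel.exe"}
DLL_HOSTS = {"rundll32.exe", "regsvr32.exe"}  # assumption: how the DLL is run
MACRO_VALUES = (r"\excel\security\vbawarnings", r"\excel\security\accessvbom")
WINDOW = timedelta(minutes=10)

def base(path):
    return path.rsplit("\\", 1)[-1].lower()

def stage(ev):
    """Map one event to a stage of the chain; None means unrelated."""
    image = base(ev["image"])
    if ev["type"] == "registry_set":
        if image in OFFICE and ev["target"].lower().endswith(MACRO_VALUES):
            return "macro_security_changed"
    elif ev["type"] == "process_create":
        parent = base(ev["parent"])
        if parent == "winword.exe" and image == "excel.exe":
            return "word_started_excel"
        if parent in OFFICE and image in DLL_HOSTS:
            return "office_started_dll_host"

def correlate(events):
    """Return {host: stages} for hosts with >= 2 distinct stages in WINDOW."""
    hits = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        name = stage(ev)
        if name:
            hits.setdefault(ev["host"], []).append((ev["time"], name))
    alerts = {}
    for host, seen in hits.items():
        # Keep stages no older than WINDOW before the host's latest hit.
        recent = dict.fromkeys(n for t, n in seen if seen[-1][0] - t <= WINDOW)
        if len(recent) >= 2:
            alerts[host] = list(recent)
    return alerts

def mk(host, minute, kind, image, other):
    key = "target" if kind == "registry_set" else "parent"
    when = datetime(2021, 7, 12, 9, 0) + timedelta(minutes=minute)
    return {"host": host, "time": when, "type": kind, "image": image, key: other}

# Constructed events, hypothetical fields and paths: ws-01 shows the chain.
SAMPLE = [
    mk("ws-01", 0, "registry_set", r"C:\Office\WINWORD.EXE",
       r"HKCU\Software\Microsoft\Office\16.0\Excel\Security\VBAWarnings"),
    mk("ws-01", 1, "process_create", r"C:\Office\EXCEL.EXE", r"C:\Office\WINWORD.EXE"),
    mk("ws-01", 2, "process_create", r"C:\Windows\rundll32.exe", r"C:\Office\EXCEL.EXE"),
    mk("ws-02", 3, "process_create", r"C:\Office\EXCEL.EXE", r"C:\Windows\explorer.exe"),
]
```

Calling `correlate(SAMPLE)` flags only `ws-01`; a single stage on its own, such as Word opening Excel, is deliberately not enough to alert.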
