13 matches found

The Hacker News
added 2022/10/19 10:9 a.m., 63 views

Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update

Details have emerged about a previously undocumented and fully undetectable (FUD) PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threa...

AI score: 2.7
Exploits: 0

The Hacker News
added 2022/07/13 6:4 a.m., 42 views

Researchers Uncover New Attempts by Qakbot Malware to Evade Detection

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel XLM 4.0 to trick...

AI score: 1.9
Exploits: 0

Japan Vulnerability Notes
added 2022/05/27 7:9 a.m., 1 views

RevoWorks incomplete filtering of MS Office v4 macros

Overview: RevoWorks SCVX, RevoWorks Browser and RevoWorks Desktop provided by J's Communication Co., Ltd. enable users to execute web browsers, accessing drives, folders, files and registries in a sandboxed environment. Users can download files from the internet to the sandboxed environment,...

CVSS: 7.8, AI score: 6.5, EPSS: 0.00217
Exploits: 0, References: 5

The Hacker News
added 2022/02/08 4:38 a.m., 23 views

Microsoft Disables Internet Macros in Office Apps by Default to Block Malware Attacks

Microsoft on Monday said it's taking steps to disable Visual Basic for Applications (VBA) macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector. "Bad actors send...

AI score: 2.1
Exploits: 0

Malwarebytes
added 2022/01/25 11:39 a.m., 350 views

Microsoft is now disabling Excel 4.0 macros by default

Back in October 2021, Microsoft announced in an email to customers that it planned to disable Excel 4.0 macros by default to protect customers from malicious documents. Last week—after three decades of macro viruses, and three decades of trying to convince every single Excel user individually to...

CVSS: 9.3, AI score: 8.8, EPSS: 0.94354
Exploits: 33

The Hacker News
added 2022/01/24 7:10 a.m., 32 views

Emotet Now Using Unconventional IP Address Formats to Evade Detection

Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address...

AI score: 0.9
Exploits: 0

ThreatPost
added 2021/12/01 5:11 p.m., 14 views

Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments

A threat actor tracked as WIRTE has been assaulting Middle East governments since at least 2019 using “living-off-the-land” techniques and malicious Excel 4.0 macros. On Monday, Kaspersky reported that it observed the group in February using Microsoft Excel droppers, which planted hidden...

AI score: 7.7
Exploits: 0, References: 17

Malwarebytes
added 2021/10/08 2:2 p.m., 23 views

At long last, Microsoft is disabling Excel 4.0 macros by default

Sometimes good news in the security world comes unexpectedly. This is one of those times. After three decades of macro viruses, and three decades of trying to convince every single Excel user individually to disable macros, Microsoft is going to disable Excel 4.0 macros for everyone. Better late tha...

AI score: 7.5
Exploits: 0

Kitploit
added 2021/09/14 8:30 p.m., 110 views

BoobSnail - Allows Generating Excel 4.0 XLM Macro

BoobSnail allows generating XLM Excel 4.0 macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation. Features: various infection techniques; various obfuscation techniques; translation of formulas into languages other than English; can be used as a library - you can easily...

AI score: 7.1
Exploits: 0, References: 1

The Hacker News
added 2021/04/28 1:43 p.m., 51 views

Cybercriminals Widely Abusing Excel 4.0 Macro to Distribute Malware

Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90%...

AI score: 1.4
Exploits: 0

Microsoft Secure
added 2021/03/03 5:0 p.m., 40 views

XLM + AMSI: New runtime defense against Excel 4.0 macro malware

We have recently expanded the integration of Antimalware Scan Interface (AMSI) with Office 365 to include the runtime scanning of Excel 4.0 (XLM) macros, to help antivirus solutions tackle the increase in attacks that use malicious XLM macros. This integration, an example of the many security feature...

AI score: 7.2
Exploits: 0

Microsoft Malware Protection
added 2021/03/03 5:0 p.m., 131 views

XLM + AMSI: New runtime defense against Excel 4.0 macro malware

We have recently expanded the integration of Antimalware Scan Interface (AMSI) with Office 365 to include the runtime scanning of Excel 4.0 (XLM) macros, to help antivirus solutions tackle the increase in attacks that use malicious XLM macros. This integration, an example of the many security feature...

AI score: 7.2
Exploits: 0

ThreatPost
added 2020/05/22 3:39 p.m., 59 views

‘Coronavirus Report’ Emails Spread NetSupport RAT, Microsoft Warns

A recent spear-phishing campaign has been spotted spreading a weaponized NetSupport Manager remote access tool (RAT), which is a legitimate tool used for troubleshooting and tech support. Attackers use the ongoing coronavirus pandemic as a lure, as well as malicious Excel documents, to convince...

AI score: 8.2
Exploits: 0, References: 12