The Russian hacking group Gamaredon is reported to be behind a module built to mount attacks through Outlook, targeting the contact lists of a compromised user. Once again, abuse of the macros of the Office suite, and of Outlook in particular, is part of the strategy.
Using macros for malicious purposes is a classic of cyberattacks. The Russian hacking group Gamaredon is reportedly behind the creation of a booby-trapped module for Microsoft Outlook. Its objective: to let a compromised user, via trapped Outlook macros, send corrupted documents to that user's own contact lists. This group of attackers is not new; it has been active since at least 2013, targeting institutions in Ukraine for political and military purposes. Since 2019, an upsurge in its activity has been observed.
“A new package used by Gamaredon (Primitive Bear) in recent malicious campaigns contains a Visual Basic for Applications (VBA) project (.OTM file) that targets the Microsoft Outlook email client with malicious macro scripts,” says Bleepingcomputer. This new wave of compromise was detected by the security vendor ESET, which analyzed the module and explains that the chain of events starts with VBScript before ending in an Outlook process. According to ESET, the Russian cybergang has created several variants of CodeBuilder, the component used to inject malicious macros or remote templates into documents designed to infect target systems.
Malicious code in the chain for Gamaredon
“These macro injection modules also have the functionality of tampering with Microsoft Office macro security settings. Thus, affected users have no idea that they are compromising their workstations again each time they open the documents. We saw this module implemented in two different languages: C# and VBScript,” warned ESET. According to the vendor, Gamaredon’s scripts stand out not for their quality but for their volume and speed of development, which explains the many mistakes observed by researchers (comments left in the source code, poor coding practices …).
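The tampering ESET describes leaves a trace a defender can look for: the per-user Office macro security values in the registry. The following script is an added example, not code from the article or from ESET, that parses a registry export and flags the settings that would let macros run silently. It assumes the well-known per-user values `VBAWarnings` (1 = enable all macros without prompting) and `AccessVBOM` (1 = allow programmatic access to the VBA object model) under each Office application's `Security` key; the `.reg` text embedded below is constructed sample input standing in for the output of `reg export HKCU\Software\Microsoft\Office`. Outlook's own macro level is stored under a differently named value and is not covered here.

```python
"""Flag weakened Office macro-security settings in a registry export.

Added defensive example (not from the article or ESET). The registry value
names VBAWarnings and AccessVBOM are real per-user Office settings; the .reg
text in SAMPLE_REG is constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# Matches key lines such as
# [HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security]
KEY_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\(\d+\.\d+)\\(\w+)\\Security\]$",
    re.IGNORECASE,
)
# Matches DWORD value lines such as  "VBAWarnings"=dword:00000001
VALUE_RE = re.compile(r'^"(\w+)"=dword:([0-9a-f]{8})$', re.IGNORECASE)

# Constructed sample export: Word has been weakened, Excel is at its default.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security]
"VBAWarnings"=dword:00000001
"AccessVBOM"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security]
"VBAWarnings"=dword:00000002
"""


def parse_reg_export(text: str) -> Dict[Tuple[str, str], Dict[str, int]]:
    """Return {(office_version, app): {value_name: int}} for Security keys."""
    settings: Dict[Tuple[str, str], Dict[str, int]] = {}
    current: Tuple[str, str] | None = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = (key.group(1), key.group(2))
            settings.setdefault(current, {})
            continue
        if line.startswith("["):
            # Some other key: ignore its values until the next Security key.
            current = None
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            settings[current][value.group(1)] = int(value.group(2), 16)
    return settings


def weakened_settings(settings: Dict[Tuple[str, str], Dict[str, int]]) -> List[str]:
    """List human-readable findings for settings that let macros run silently."""
    findings: List[str] = []
    for (version, app), values in sorted(settings.items()):
        if values.get("VBAWarnings") == 1:
            findings.append(
                f"{app} {version}: VBAWarnings=1 (all macros enabled, no prompt)"
            )
        if values.get("AccessVBOM") == 1:
            findings.append(
                f"{app} {version}: AccessVBOM=1 (code may rewrite VBA projects)"
            )
    return findings


def audit(text: str) -> List[str]:
    """Parse a .reg export and return the findings."""
    return weakened_settings(parse_reg_export(text))


if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print("WEAK:", finding)
```

On a live host, feed the function the text produced by `reg export HKCU\Software\Microsoft\Office <file>`; a finding on a machine where policy never enabled all macros is worth correlating with the presence of an Outlook VBA project (`VbaProject.OTM`) and with recent document-laden outbound mail from that user.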