Fresh Attacks Launched Using Macro Malware - Trend Micro

Security researchers of security firm Trend Micro recently said that cybercriminals are using macro malware in their fresh campaign targeting financial institutions and banks.

Cybercriminals are distributing phishing emails asserting to be from Automated Clearing House (ACH) which is a network for making financial transactions across US and Trend Micro describes it as an "outbreak" of spam messages.

The phishing emails are distributed to numerous company employees to have complete glimpse pertaining to details of a transfer, fax, or some other kind of financial transfer-related work.

The link takes you to a page of Dropbox which tries to persuade the victim to activate the macros on Microsoft Office to see a hosted document. If activated, the document laced with Bartalex malware will drop Dyre banking malware.

This marks that Macro malware has been horded on Dropbox for the first time while cloud services have been employed in various attacks to host C&C (Command and Control) servers along with malicious files.

Trend Micro reported that it has exposed minimum 1,000 links of malicious Dropbox which are hosting the malware.

It is not clear about the success of the campaign but Trend Micro claimed that the malware has been used to attack major reputed financial institutions.

Trend Micro mentioned that the usage of macro malware enables criminals to reuse ancient tricks in trying to fight defense systems.

V3.co.uk published news on 28th April, 2015 quoting an advisory as "Macro malware such as Bartalex is apparently getting more noticeable than before which indicates that ancient threats are still effective infection vectors on systems as on today. They are apparently adapting: they are currently being hosted in genuine services such as Dropbox and keeping in mind the latest outbreak, macro malware may constantly threaten more businesses in future."

Macro malware becomes a threat which troubled old versions of Windows. Microsoft finished the malware with the help of Office XP in 2001 when it pulled its systems to request permission from user prior to execution of macros script in inserted files.

The security company claims that Bartalex is most dominant in US (35.52%) followed by Canada (11.54%) and Australia (11.06%).

» SPAMfighter News - 5/5/2015