#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

macros | Breaking Cybersecurity News | The Hacker News

Category — macros
Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files

Hackers Use New Trick to Disable Macro Security Warnings in Malicious Office Files

Jul 09, 2021
While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain directly, new findings indicate attackers are using non-malicious documents to disable security warnings prior to executing macro code to infect victims' computers. In yet another instance of malware authors continue to evolve their techniques to evade detection, researchers from McAfee Labs stumbled upon a novel tactic that "downloads and executes malicious DLLs (ZLoader) without any malicious code present in the initial spammed attachment macro." ZLoader infections propagated using this mechanism have been primarily reported in the U.S., Canada, Spain, Japan, and Malaysia, the cybersecurity firm noted. The malware — a descendant of the infamous ZeuS banking trojan — is well known for aggressively using macro-enabled Office documents as an initial attack vector to steal credentials and personall...
GandCrab ransomware and Ursnif virus spreading via MS Word macros

GandCrab ransomware and Ursnif virus spreading via MS Word macros

Jan 25, 2019
Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware. Though both malware campaigns appear to be a work of two separate cybercriminal groups, we find many similarities in them. Both attacks start from phishing emails containing an attached Microsoft Word document embedded with malicious macros and then uses Powershell to deliver fileless malware. Ursnif is a data-stealing malware that typically steals sensitive information from compromised computers with an ability to harvest banking credentials, browsing activities, collect keystrokes, system and process information, and deploy additional backdoors. Discovered earlier last year, GandCrab is a widespread ransomware threat that, like every other ransomware in the market, encrypts files on an infected system and insists victims to pay a ransom ...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
MS Office Built-In Feature Could be Exploited to Create Self-Replicating Malware

MS Office Built-In Feature Could be Exploited to Create Self-Replicating Malware

Nov 23, 2017
Earlier this month a cybersecurity researcher shared details of a security loophole with The Hacker News that affects all versions of Microsoft Office, allowing malicious actors to create and spread macro-based self-replicating malware. Macro-based self-replicating malware, which basically allows a macro to write more macros, is not new among hackers, but to prevent such threats, Microsoft has already introduced a security mechanism in MS Office that by default limits this functionality. Lino Antonio Buono, an Italian security researcher who works at InTheCyber , reported a simple technique (detailed below) that could allow anyone to bypass the security control put in place by Microsoft and create self-replicating malware hidden behind innocent-looking MS Word documents. What's Worse? Microsoft refused to consider this issue a security loophole when contacted by the researcher in October this year, saying it's a feature intended to work this way only—just like MS Offic...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Beware! This Microsoft PowerPoint Hack Installs Malware Without Requiring Macros

Beware! This Microsoft PowerPoint Hack Installs Malware Without Requiring Macros

Jun 07, 2017
" Disable macros and always be extra careful when you manually enable it while opening Microsoft Office Word documents. " You might have heard of above-mentioned security warning multiple times on the Internet as hackers usually leverage this decade old macros-based hacking technique to hack computers through specially crafted Microsoft Office files, particularly Word, attached to spam emails. But a new social engineering attack has been discovered in the wild, which doesn't require users to enable macros ; instead it executes malware on a targeted system using PowerShell commands embedded inside a PowerPoint (PPT) file. Moreover, the malicious PowerShell code hidden inside the document triggers as soon as the victim moves/hovers a mouse over a link (as shown), which downloads an additional payload on the compromised machine -- even without clicking it. Researchers at Security firm SentinelOne have discovered that a group of hackers is using malicious PowerPoi...
Botnet Sending 5 Million Emails Per Hour to Spread Jaff Ransomware

Botnet Sending 5 Million Emails Per Hour to Spread Jaff Ransomware

May 12, 2017
A massive malicious email campaign that stems from the Necurs botnet is spreading a new ransomware at the rate of 5 million emails per hour and hitting computers across the globe. Dubbed "Jaff," the new file-encrypting ransomware is very similar to the infamous Locky ransomware in many ways, but it is demanding 1.79 Bitcoins (approx $3,150), which much higher than Locky, to unlock the encrypted files on an infected computer. According to security researchers at Forcepoint Security Lab, Jaff ransomware, written in C programming language, is being distributed with the help of Necurs botnet that currently controls over 6 million infected computers worldwide. Necurs botnet is sending emails to millions of users with an attached PDF document, which if clicked, opens up an embedded Word document with a malicious macro script to downloads and execute the Jaff ransomware, Malwarebytes says . Jaff is Spreading at the Rate of 5 Million per Hour The malicious email camp...
Zero-Day Warning! Ransomware targets Microsoft Office 365 Users

Zero-Day Warning! Ransomware targets Microsoft Office 365 Users

Jun 28, 2016
If just relying on the security tools of Microsoft Office 365 can protect you from cyber attacks, you are wrong. Variants of Cerber Ransomware are now targeting MS Office 365 email users with a massive zero-day attack that has the ability to bypass Office 365's built-in security tools. According to a report published by cloud security provider Avanan, the massive zero-day Cerber ransomware attack targeted Microsoft Office 365 users with spam or phishing emails carrying malicious file attachments. The Cerber ransomware is invoked via Macros. Yes, it's hard to believe but even in 2016, a single MS Office document could compromise your system by enabling ' Macros '. Locky and Dridex ransomware malware also made use of the malicious Macros to hijack systems. Over $22 Million were pilfered from the UK banks with the Dridex Malware that got triggered via a nasty macro virus. You can see a screenshot of the malicious document in the latest malware campaign belo...
How Just Opening an MS Word Doc Can Hijack Every File On Your System

How Just Opening an MS Word Doc Can Hijack Every File On Your System

Feb 19, 2016
If you receive a mail masquerading as a company's invoice and containing a Microsoft Word file, think twice before clicking on it. Doing so could cripple your system and could lead to a catastrophic destruction. Hackers are believed to be carrying out social engineering hoaxes by adopting eye-catching subjects in the spam emails and compromised websites to lure the victims into installing a deadly ransomware, dubbed " Locky ," into their systems. So if you find .locky extension files on your network shares, Congratulations! You are infected and left with just two solutions: Rebuild your PC from scratch or Pay the ransom. Locky ransomware is spreading at the rate of 4000 new infections per hour , which means approximately 100,000 new infections per day . Microsoft MACROS are Back It is hard to digest the fact that, in this 2016, even a single MS Word document could compromise your system by enabling ' Macros .' This is where the poin...
Malware behind Microsoft Excel-based Sudoku generator

Malware behind Microsoft Excel-based Sudoku generator

Dec 20, 2012
Sudoku is one such game that I believe will benefit your brain, but now not for your system. Peter Szabo from SophosLabs have identified a piece of malware that resides behind a Microsoft Excel-based Sudoku generator. The Malware developed in Visual Basic requires macros, a scripting language that allows users to create equations based on values in different columns and rows. Microsoft disable macros by default , because in past macros were the weapon of choice for cyber criminals . But in order for the generator to work, the user must activate macros. Unfortunately, while the user is enjoying the Sudoku, the macro is installing malware in the targeted machine. Keyboard and mouse macros allow sequences of keystrokes and mouse actions to be transformed into shorter commands and also it can easily gathers system information by using the ipconfig, systeminfo like commands. Once the bug has collected a machine's IP address, running processes, ins...
Expert Insights / Articles Videos
Cybersecurity Resources