{"id":51261,"date":"2021-07-19T09:18:19","date_gmt":"2021-07-19T07:18:19","guid":{"rendered":"https:\/\/eiposgrados.com\/?p=39946"},"modified":"2021-10-29T16:38:33","modified_gmt":"2021-10-29T14:38:33","slug":"malware-hidden-in-office-files","status":"publish","type":"post","link":"https:\/\/eiposgrados.com\/eng\/cybersecurity-blog\/malware-hidden-in-office-files\/","title":{"rendered":"Malware hidden in Office files"},"content":{"rendered":"<p>A new <strong>phishing campaign<\/strong> has appeared, distributing the <strong>ZLoader malware<\/strong> and using <strong>Microsoft Office<\/strong> documents as a Trojan horse to access our systems, according to a report by the security firm Forcepoint X-Labs.<\/p>\n\n\n\n<p>To train in cybersecurity and be able to aspire to <strong>management<\/strong> positions in the area of <strong>cybersecurity<\/strong> and to roles as an <strong>expert<\/strong> in <strong>computer security<\/strong> with solid technological and managerial knowledge, consider the <a href=\"https:\/\/eiposgrados.com\/eng\/master-in-cybersecurity\/\" data-type=\"URL\" data-id=\"https:\/\/eiposgrados.com\/master-en-ciberseguridad\/\">Master in Cybersecurity, Ethical Hacking and Offensive Security<\/a>, where you will train with specialized professionals.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Phishing attacks<\/h2>\n\n\n\n<p><strong>Phishing attacks<\/strong> are the order of the day. Normally, they try to access our systems by posing as a trusted company or organization (Netflix, Amazon, DGT, electricity companies, etc.) so that the victim trusts the message and downloads the file containing the malware.<\/p>\n\n\n\n<p>The report describes the <strong>malicious attachment<\/strong> in these emails as a Microsoft Word attachment in MHTML format with a randomly generated file name. 
MHTML is a web page archive file format that is compatible with web-based technologies.<\/p>\n\n\n\n<p>In this case the <strong>phishing emails<\/strong> use a billing decoy. The message may vary, but the purpose is the same: to get the user to download the Office file.<\/p>\n\n\n\n<p>If the <strong>phishing victim<\/strong> downloads and opens the Microsoft Word attachment and enables <strong>macros<\/strong>, this triggers the download of an encrypted Excel sheet in which the final payload of the malware is hidden.<\/p>\n\n\n\n<p>\u201cAfter downloading the XLS file, Word VBA reads the cell content from XLS and creates a new macro for the same XLS file and writes the cell content into XLS VBA macros as functions,\u201d the <strong>researchers<\/strong> said. \u201cOnce the macros are written and ready, the Word document sets the registry policy to &#039;Disable Excel Macro Warning&#039;. It then invokes the malicious macro function from the Excel file. The Excel file now downloads the ZLoader payload. 
The ZLoader payload is then executed using rundll32.exe.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Example of malicious attachment<\/h2>\n\n\n\n<p>ZLoader is a <strong>multipurpose trojan<\/strong> that often acts as a dropper delivering Zeus-based malware in multi-stage ransomware attacks, such as Ryuk and Egregor.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/eiposgrados.com\/wp-content\/uploads\/2021\/07\/ejemplo-malwero-oculto-en-archivos-de-Office-1024x271.jpg\" alt=\"malware hidden in office files\" class=\"wp-image-39947\" width=\"883\" height=\"233\" title=\"\"><\/figure><\/div>\n\n\n\n<p>As we can see in the image that a colleague has sent us, the subject reads \u201cPayment for invoice FE-91996 is not accepted\u201d, and the body of the message tells us that we owe that invoice and must pay it before it generates additional expenses, inviting us to <strong>open the file<\/strong> where we can see all the information.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">We keep biting<\/h2>\n\n\n\n<p>Invoicing <strong>email scams<\/strong> are still effective, since the targeted victim of phishing is likely to be receptive to anything to do with unpaid invoices and even returns.<\/p>\n\n\n\n<p>Malware has become increasingly difficult to detect, and information theft will be inevitable if we do not raise awareness and acquire a daily cybersecurity routine.<\/p>\n\n\n\n<p>We recommend that you read this post, where we give you <a href=\"https:\/\/eiposgrados.com\/eng\/cybersecurity-blog\/the-5-cyber-commandments-for-2021\/\">5 cyber commandments<\/a> to improve your cybersecurity.<\/p>","protected":false},"excerpt":{"rendered":"<p>A new phishing campaign appears with malware hidden in Office files, called ZLoader. 
If you want to know more, keep reading!<\/p>","protected":false},"author":1,"featured_media":51625,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[332],"tags":[],"class_list":["post-51261","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-ciberseguridad"],"acf":[],"_links":{"self":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/51261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/comments?post=51261"}],"version-history":[{"count":0,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/posts\/51261\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media\/51625"}],"wp:attachment":[{"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/media?parent=51261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/categories?post=51261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/eiposgrados.com\/eng\/wp-json\/wp\/v2\/tags?post=51261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}