• Microsoft Visual Studio add-ins could be used to deliver malware

    From TechnologyDaily@1337:1/100 to All on Fri Feb 3 19:00:03 2023

    Date:
    Fri, 03 Feb 2023 18:42:02 +0000

    Description:
    A somewhat niche method is growing more popular in the cybercrime community following the demise of the macro.

    FULL STORY ======================================================================

    Following the demise of macros in Microsoft Office files, it seems that another alternative method is gaining popularity, new reports have claimed.

    Cybersecurity researchers from Deep Instinct have discovered an uptick in the use of Microsoft Visual Studio Tools for Office (VSTO) among cybercriminals, as they build malicious Office add-ins which help them achieve persistence and run malicious code on target endpoints.

    What hackers are doing here is building .NET-based malware, and then embedding it into an Office add-in, a practice that requires the threat actor to be somewhat more skilled.

    Bypassing antivirus

    The method is hardly new but wasn't as popular while Office macros were dominating. Now that Microsoft has effectively eliminated that threat, VSTO-built threats are emerging in greater numbers. These add-ins can be sent together with Office documents, or hosted elsewhere and triggered by an Office document sent by the attackers.

    In other words, the victim still needs to download and run an Office file and the add-in in order to get infected, so phishing will still play a major role. That being said, the attack vector is still quite dangerous as it is capable of successfully working around antivirus programs and other malware protection services. In fact, Deep Instinct was able to create a working Proof-of-Concept (PoC) that delivered the Meterpreter payload to the endpoint. The video demonstration of the PoC can be found on this link. The researchers said they were forced to disable Microsoft Windows Defender just to record the process.

    Meterpreter, a security product used for penetration testing, was easy for antivirus products to detect; however, all the elements of the PoC were not detected, they said.

    In conclusion, the researchers expect the number of VSTO-built attacks to continue rising. They also expect nation-states and other high-caliber actors to adopt the practice as well.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-visual-studio-add-ins-could-be-used-to-deliver-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)
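
Added example (not part of the original story and not Deep Instinct's code): a defender-side triage check for the two delivery modes the story describes, an add-in sent together with the document versus one hosted elsewhere. It assumes the documented VSTO convention that a customized document records its deployment manifest in the `_AssemblyLocation` custom property inside `docProps/custom.xml`; the helper names and sample documents are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CUSTOM_PROPS = "docProps/custom.xml"
NS = {"cp": "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"}
REMOTE_PREFIXES = ("http://", "https://", "\\\\")  # web URL or UNC share


def vsto_reference(doc_bytes):
    """Return (manifest, "local" | "remote") if the OOXML file points at a
    VSTO deployment manifest, else None. Hypothetical helper name."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
            if CUSTOM_PROPS not in zf.namelist():
                return None
            # For hostile input at scale, swap in a hardened parser (e.g. defusedxml).
            root = ET.fromstring(zf.read(CUSTOM_PROPS))
    except (zipfile.BadZipFile, ET.ParseError):
        return None  # legacy binary format or damaged file: not handled here
    props = {p.get("name"): "".join(p.itertext()).strip()
             for p in root.findall("cp:property", NS)}
    location = props.get("_AssemblyLocation")
    if not location:
        return None
    # The value may carry "|"-separated fields after the manifest path.
    manifest = location.split("|")[0].strip()
    kind = "remote" if manifest.lower().startswith(REMOTE_PREFIXES) else "local"
    return manifest, kind


def make_sample(location=None):
    """Build a constructed, minimal OOXML-like zip for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if location is not None:
            zf.writestr(CUSTOM_PROPS, (
                f'<Properties xmlns="{NS["cp"]}" xmlns:vt="http://schemas.openxmlformats.org/'
                'officeDocument/2006/docPropsVTypes"><property pid="2" '
                f'name="_AssemblyLocation"><vt:lpwstr>{location}</vt:lpwstr></property>'
                '</Properties>'))
    return buf.getvalue()


if __name__ == "__main__":
    for loc in (None, "Addin.vsto|00000000-0000-0000-0000-000000000000|vstolocal",
                "https://addins.example.invalid/Addin.vsto"):
        print(loc, "->", vsto_reference(make_sample(loc)))
```

A "remote" result means the document would fetch its add-in from outside the file, which is a reasonable signal to quarantine inbound mail attachments for review.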