• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   macro

Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
  • Posted on:August 5, 2019 at 5:03 am
  • Posted in:Malware, Spam
  • Author:
    Trend Micro
0

We have been tracking Trickbot banking trojan activity and recently discovered a variant of the malware (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.TIGOCDC) from distributed spam emails that contain a Microsoft Word document with enabled macro. Once the document is clicked, it drops a heavily obfuscated JS file (JavaScript) that downloads Trickbot as its payload. This malware also checks for the number of running processes in the affected machine; if it detects that it’s in an environment with limited processes, the malware will not proceed with its routine as it assumes that it is running in a virtual environment.

Read More
Tags: banking TrojanJavaScriptJSmacroMicrosoft Word

Potential Targeted Attack Uses AutoHotkey and Malicious Script Embedded in Excel File to Avoid Detection
  • Posted on:April 17, 2019 at 5:14 am
  • Posted in:Targeted Attacks
  • Author:
    Trend Micro
0

We discovered a potential targeted attack that makes use of legitimate script engine AutoHotkey, in combination with malicious script files. This file is distributed as an email attachment and disguised as a legitimate document with the filename “Military Financing.xlsm.” The user would need to enable macro for it to open fully, which would use AutoHotkey in loading the malicious script file to avoid detection.

Read More
Tags: AutoHotKeymacro

Malicious Macro Hijacks Desktop Shortcuts to Deliver Backdoor
  • Posted on:July 3, 2018 at 5:01 am
  • Posted in:Malware
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

by Loseway Lu Despite being around for decades, cybercriminals are still using malicious macro to deliver malware, albeit in more creative ways to make them more effective. The threat actors behind a recent case used macro in a more roundabout way, with a macro that searches for specific shortcut files in the user’s system, which…

Read More
Tags: macromacro-based attack

New Malicious Macro Evasion Tactics Exposed in URSNIF Spam Mail
  • Posted on:October 18, 2017 at 4:59 am
  • Posted in:Malware
  • Author:
    Trend Micro
0

by John Anthony Bañes Malicious macros are commonly used to deliver malware payloads to victims, usually by coercing victims into enabling the macro sent via spam email. The macro then executes a PowerShell script to download ransomware or some other malware. Just this September EMOTET, an older banking malware, leveraged this method in a campaign that…

Read More
Tags: macrosandboxSpam

Macro Threats and Ransomware Make Their Mark: A Midyear Look at the Email Landscape
  • Posted on:August 31, 2015 at 1:14 pm
  • Posted in:Ransomware, Spam
  • Author:
    Maydalene Salvador (Anti-spam Research Engineer)
0

Email can be considered a big business—for cybercrime. In 2014, 196.3 billion emails were sent and received daily. Of that number, 108.7 billion were business emails. With the volume of business emails sent daily, it would be unimaginable for cybercriminals not to take advantage of email to target big businesses. And those attempts can result in million-dollar…

Read More
Tags: 1H 2015 spam roundupemailemail roundupmacroSpamspam roundup
Page 1 of 212

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
  • January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs
  • Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year-old XHide
  • Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps
  • Outlaw Hacking Group’s Botnet Observed Spreading Miner, Perl-Based Backdoor

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.