A malicious document generator called EtterSilent is gaining more attention on underground forums, security researchers note. As its popularity grew, the developer continued to improve it to avoid detection by security solutions, this tool gives attackers the ability to generate malicious Microsoft Term documents capable of compromising systems with hard-to-detect attacks, underscoring the danger. continuous represented by macros.
EtterSilent, has quickly become well-known among cybercrime groups and allows attackers to create Phrase files that masquerade as DocuSign documents but can actually compromise systems using macros or exploiting a known vulnerability. Windows systems that are configured to allow macros to run, or that have not been patched for the specific vulnerability, are at risk from files created by the service.
Macros have plagued cybersecurity for decades. In 1999, the first widespread email infecter, the Melissa virus, used a Term document with a macro to infect systems and send itself to other people in the victim’s address book. Last year, researchers discovered that cybercriminals were increasingly using Excel 4 macros as a way to execute attack scripts. Macros in the Microsoft Office environment can also affect the security of Macs, if the attacker breaks through some layers of security.
One of the exploited vulnerabilities is CVE-2017-8570, a high severity remote code execution. The author also mentioned two other vulnerabilities CVE-2017-11882 is CVE-2018-0802, although some restrictions have been applied, and in fact they have been demonstrated on video.
EtterSilents services is pretty cheap, security experts say, and it costs only a few dollars to build. So far, only EtterSilent documents sent as spam as part of a Trickbot campaign have been seen, as well as three banking Trojans: BokBot, Gozi ISFB and QBot, and as we always say, do not fall for these deception attempts, before opening any Mail analyze it, read it and if you don’t trust it, delete it is the best.
See also:
Cybercriminals create an app that passes as Telegram
PoS Malware is a Virus that steals financial data
[…] reads:EtterSilent tool used by cybercriminalsFlame – A malware that alarmed everyone in its […]