Microsoft Office Users Targeted by Zloader Banking Malware

Hackers are using a novel technique for obscuring malware to disable Office defenses and download the Zloader banking malware onto systems without security tools flagging it.

According to researchers at McAfee, the attack combines functions in Microsoft Office Word and Excel files so that they work together to download the Zloader payload. It does this without triggering a warning that would alert end-users to the attack.

Zloader banking malware is known to steal credentials and other private information from users of targeted financial institutions.

The bad actors send phishing messages with Word document attachments containing malicious code, in a way that does not trigger an email gateway or client-side antivirus software to block the attack.

The technique used by Zloader banking malware leverages both Microsoft Office’s Excel dynamic data exchange (DDE) fields and Windows-based Visual Basic for Applications (VBA), and it launches attacks against systems that support legacy XLS formats.

How does Zloader Banking Malware work?

Because Microsoft Office disables macros automatically, the bad actors trick recipients of the email into enabling them with a message that appears inside the Word document.
The victims receive a message that says, “This document was created in the previous version of Microsoft Office Word. To view or edit this document, please click the ‘Enable editing’ button on the top bar, and then click ‘Enable content’.”

Authors of the malware leverage DDE and VBA, which are standard Microsoft tools shipped along with Windows.

Excel and Word use DDE for transferring data between applications. In this case, the process updates the contents of a spreadsheet cell with information from Word. This allows the Word document to read specific cell content from the downloaded .XLS file, while the Excel document is populated with the Word-based VBA instructions.

On the other hand, VBA is Microsoft’s programming language for Excel, Word, and other Office programs. It allows users to create strings of commands using a tool called Macro Recorder. In this case, malware authors create malicious macro scripts.

According to a description of VBA, “Excel will record all the steps a user makes and save it as a ‘process’ known as a macro. When the user ends the recorder, this macro is saved and can be assigned to a button that will run the exact same process again when clicked.”
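For defenders triaging attachments, the two features described above (a VBA project and DDE fields) can be checked for statically. The following is an added example, not code from McAfee or from the original article; it assumes the attachment is an OOXML Word file (.docx/.docm), which the article does not state, and it does not cover legacy binary .doc/.xls files. All function names and the sample document are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % NS
DDE_FIELD = re.compile(r"^\s*DDE(AUTO)?\b", re.IGNORECASE)
MAX_PART = 20 * 1024 * 1024  # assumed cap so an oversized part is not read

def field_instructions(xml_bytes):
    """Rebuild field instructions; Word may split one across several runs."""
    out, current = [], None
    for el in ET.fromstring(xml_bytes).iter():
        if el.tag == W + "fldChar":
            if el.get(W + "fldCharType") == "begin":
                current = []
            elif current is not None:  # "separate" or "end" closes the instruction
                out.append("".join(current))
                current = None
        elif el.tag == W + "instrText" and current is not None:
            current.append(el.text or "")
        elif el.tag == W + "fldSimple":
            out.append(el.get(W + "instr", ""))
    return out

def triage(doc_bytes):
    """Report a VBA project part and DDE fields in one .docx/.docm attachment."""
    found = {"vba_project": False, "dde_fields": []}
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
        for info in z.infolist():
            name = info.filename.lower()
            if name.endswith("vbaproject.bin"):
                found["vba_project"] = True
            elif name.startswith("word/") and name.endswith(".xml") and info.file_size <= MAX_PART:
                data = z.read(info)
                if b"<!DOCTYPE" in data:  # OOXML parts carry no DTD; do not parse one
                    continue
                found["dde_fields"] += [i.strip() for i in field_instructions(data) if DDE_FIELD.match(i)]
    return found

def build_sample(parts, with_macro):
    """Constructed input: only the zip parts this check reads, not a full document."""
    runs = "".join("<w:r><w:instrText>%s</w:instrText></w:r>" % p for p in parts)
    body = ('<w:document xmlns:w="%s"><w:body><w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
            '%s<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p></w:body></w:document>' % (NS, runs))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", body)
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample(["DD", 'E Excel "book.xls" R1C1'], True)))
```

A hit on either check is a reason to quarantine the attachment for analysis, not proof of Zloader; many legitimate documents carry macros.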
