Now that macros in downloaded Microsoft Office files are officially dead (opens in new tab), it was only a matter of time before hackers came up with a new scheme.
According to cybersecurity experts Proofpoint, they’ve found not one, not two, but three new methods to get victims to download malware.
The company’s latest report says that instead of macro-laden Office files, which are now on a significant decline, crooks are going for container files, shortcuts, and HTML files.
Shortcuts spiking
From October 2021 until today, the number of macro-powered Office files used to distribute malware drooped by a whopping two-thirds (66%). On the other hand, the use of container files (ISO files, ZIP, RAR files, and similar) rose by approximately 175%. Container files are a great way to avoid antivirus solutions, and if they also come with a password, their perceived legitimacy grows that much bigger.
As for shortcut files (.LNK), their use exploded in February 2022, rising by 1,675% since October the year before. Proofpoint says that ten separate threat actors are now favoring shortcut files to distribute malware, and that includes some of the heavy-hitters like Emotet, Qbot, or IcedID.
The icons of the shortcut files can be changed to virtually anything, helping crooks masquerade these files as PDFs, or Word documents.
They’re also quite potent, as they can execute almost any command for which the victim has permission, including the execution of PowerShell scripts which, in this particular case, the crooks use to get people to download malware from the internet.
Proofpoint is also saying there’s been a noticeable rise in the use of HTML attachments, as these types of files can also be used to drop malware on target endpoints (opens in new tab), while avoiding email security systems. Still, HTML attachments have relatively low volume, especially compared to container files and shortcuts. Whether or not that changes in the future, remains to be seen.
Via: BleepingComputer (opens in new tab)