Microsoft restricted malicious macros, but cybercriminals discovered a loophole

Published July 30, 2022
Author: Ash Khan

Following Microsoft’s macro crackdown, hackers are exploring new techniques to spread malware.

It was just a matter of time until hackers devised a new technique, now that macros in downloaded Microsoft Office files are officially dead.

Cybersecurity specialists at Proofpoint report that they’ve identified three new ways attackers are tricking people into downloading malware.

The company’s most recent research finds that, instead of macro-laden Office files, which are currently on the decline, criminals are opting for container files, shortcuts, and HTML files.

Shortcuts spiking

From October 2021 until now, the amount of macro-enabled Office files used to propagate malware fell by 66%. However, the use of container files including ISO files, ZIP files, RAR files, and similar increased by nearly 175%.

Container files are an effective way to evade antivirus scanning, and when they are password-protected, they appear even more legitimate.

Compared with October 2021, the use of shortcut files (.LNK) had increased by 1,675% by February 2022. Researchers at Proofpoint believe 10 distinct threat actors are now using shortcut files to deliver malware, including heavyweights such as Emotet, Qbot, and IcedID.

A shortcut file’s icon can be changed to almost anything, which lets criminals disguise these files as PDFs or Word documents.

They’re also incredibly powerful, since they can execute practically any command the user is authorized to run. This includes PowerShell scripts, which the hackers use to pull malware down from the internet onto the victim’s system.
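The two properties just described, a freely chosen icon and an arbitrary command line, are both stored as plain fields in the Shell Link (.LNK) format, which means a defender can triage a suspicious shortcut without ever double-clicking it. The following parser is an added example written for this article, not Proofpoint’s tooling or code from the original post. It reads the Shell Link header and the StringData fields (relative path, arguments, icon location) per the public MS-SHLLINK layout, then flags the combination of a document-style icon, a script host such as powershell.exe as the target, and hidden-window or encoded-command arguments. The sample shortcuts it builds in memory are constructed test inputs (the paths, the `PLACEHOLDER` argument and the keyword lists are assumptions for illustration), not real malware.

```python
"""Triage of Windows Shell Link (.LNK) files for the icon-spoofing / script-launch
pattern. Added example; parses only the fields needed for triage (MS-SHLLINK)."""
import struct

LNK_HEADER_SIZE = 0x4C
# LinkCLSID 00021401-0000-0000-C000-000000000046 in on-disk (mixed-endian GUID) byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that starts the target minimized (window hidden)

# Triage keyword lists: assumptions chosen for this example, tune for your environment.
SCRIPT_HOSTS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript",
                "rundll32", "regsvr32")
DOC_ICON_HINTS = ("acrobat", "winword", "excel", ".pdf", ".doc", ".xls", ".txt")
SUSPICIOUS_ARGS = ("-enc", "-nop", "-w hidden", "windowstyle hidden", "bypass",
                   "iex", "downloadstring", "invoke-webrequest", "frombase64string")


def _read_string(data, off, is_unicode):
    """StringData entry: 2-byte character count, then the characters (no terminator)."""
    (count,) = struct.unpack_from("<H", data, off)
    off += 2
    if is_unicode:
        return data[off:off + count * 2].decode("utf-16-le"), off + count * 2
    return data[off:off + count].decode("cp1252", errors="replace"), off + count


def parse_lnk(data):
    """Return the StringData fields and ShowCommand of a Shell Link blob."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a Shell Link")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link header")
    (show_command,) = struct.unpack_from("<I", data, 60)  # fixed header offset
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:   # skip IDList: 2-byte size then the items
        (size,) = struct.unpack_from("<H", data, off)
        off += 2 + size
    if flags & HAS_LINK_INFO:             # skip LinkInfo: 4-byte size includes itself
        (size,) = struct.unpack_from("<I", data, off)
        off += size
    fields = {"show_command": show_command}
    for bit, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                     (HAS_ICON_LOCATION, "icon_location")):
        if flags & bit:
            fields[key], off = _read_string(data, off, bool(flags & IS_UNICODE))
    return fields


def triage_lnk(data):
    """Heuristic reasons why a .LNK matches the disguised-shortcut pattern (empty = no findings)."""
    f = parse_lnk(data)
    target = (f.get("relative_path", "") + " " + f.get("working_dir", "")).lower()
    args = f.get("arguments", "").lower()
    icon = f.get("icon_location", "").lower()
    reasons = []
    launches_script_host = any(h in target for h in SCRIPT_HOSTS)
    if launches_script_host:
        reasons.append("target is a script/LOLBin host")
    if any(a in args for a in SUSPICIOUS_ARGS):
        reasons.append("arguments use hidden-window, policy-bypass or download keywords")
    if launches_script_host and any(d in icon for d in DOC_ICON_HINTS):
        reasons.append("document-style icon on a script-host target (icon spoofing)")
    if f["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("ShowCommand hides the console window")
    return reasons


def build_lnk(relative_path, arguments, icon_location, show_command=1):
    """Build a minimal Unicode .LNK in memory (constructed test input; IDList/LinkInfo omitted)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | HAS_ICON_LOCATION | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)

    def s(text):  # StringData: count of UTF-16 code units, then the text
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + s(relative_path) + s(arguments) + s(icon_location)


# Constructed samples, not real malware: a "PDF" that is really a PowerShell launcher,
# and an ordinary document shortcut for comparison.
SPOOFED = build_lnk(r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                    "-NoProfile -WindowStyle Hidden -EncodedCommand PLACEHOLDER",
                    r"C:\Program Files\Adobe\Acrobat\Acrobat.exe",
                    show_command=SW_SHOWMINNOACTIVE)
BENIGN = build_lnk(r"..\Documents\report.docx", "", r"C:\Windows\System32\shell32.dll")

if __name__ == "__main__":
    for name, blob in (("spoofed", SPOOFED), ("benign", BENIGN)):
        print(name, parse_lnk(blob), triage_lnk(blob) or ["no findings"])
```

Real-world shortcuts almost always carry a LinkTargetIDList and LinkInfo block, which the parser skips by size rather than decodes; the relative path and arguments are still enough to see what the shortcut launches. Run `triage_lnk` over attachments extracted from mail or from the container files discussed earlier, and treat any hit on the icon-spoofing rule as a strong signal, since a legitimate document shortcut has no reason to point at a script host.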

According to cybersecurity reports, there has also been a noteworthy increase in the use of HTML attachments, since these files can be used to drop malware on target endpoints while evading email protection systems. Nonetheless, HTML attachments remain modest in volume, especially compared with container files and shortcuts. Whether this will change in the future, only time can tell.