A script compile error has temporarily stopped the infection chain of a malspam campaign trying to infect users with the
GandCrab ransomware.
Not all GandCrab versions are affected, but only a GandCrab operation that tries to infect victims via malicious Word files users receive via spam emails.
These Word documents contain malicious VBScript code hidden inside a Word macro. If users download and open these Word files, then allow the macro to execute, the VBScript downloads and installs the GandCrab ransomware.
Compile error spotted earlier this week
While investigating this malspam campaign, security researcher Brad Duncan has spotted a compile error that blocks the VBScript from executing, meaning users won't get infected with GandCrab.
"Due to this compile error in the macro code, I can't say how many potential victims might have been spared from an infection since 2018-04-10,"
Duncan wrote on the SANS ISC forum yesterday.
But according to data Bleeping Computer obtained from the
ID-Ransomware service, there was hardly a noticeable dent in GandCrab infection numbers this week or compared to last week.
.....
.....
.....
