Malware News Malicious Macro Hijacks Desktop Shortcuts to Deliver Backdoor

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,048
Despite being around for decades, cybercriminals are still using malicious macro to deliver malware, albeit in more creative ways to make them more effective. The threat actors behind a recent case used macro in a more roundabout way, with a macro that searches for specific shortcut files in the user’s system, which it replaces with one that points to its downloaded malware. The downloaded malware executes when the user clicks on the modified desktop shortcut.

After the malware executes, it recovers the original shortcut file to open the correct application again. The malware then “assembles” its payloads. Instead of using its own created tools, it downloads common tools available on the internet like various Windows tools, WinRAR, and Ammyy Admin to gather information and send back via SMTP.

While the macro and the downloaded malware are not sophisticated, this method is still interesting mostly because it has signs of continuing what seems to be unfinished development.

[...] Malicious Macro Hijacks Desktop Shortcuts to Deliver Backdoor - TrendLabs Security Intelligence Blog
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top