SophosLabs has released a malware forecast to coincide with the start of RSA Conference 2017.
Typically, our research papers focus on Windows, which has traditionally been the largest battleground. While some of the report does indeed look at Microsoft-specific challenges, we decided to focus more on the increasing malware threats directed at platforms where the risks are often not as well understood, specifically Linux, MacOS and Android devices.
Malware authors have been using Microsoft Office document exploits for quite some time, but in the past couple of years, document malware has experienced a resurgence.
Typically, exploited documents are attached to email messages and sent out to large numbers of random recipients (in the case of cybercrime groups) or a smaller number of selected targets (in the case of APT groups).
Office exploit generators play a crucial role in making Office exploitation available to common cybercriminals. However, despite their significance, most Office exploit kits have not been covered in detail.
In a new research paper, SophosLabs Principal Malware Researcher Gabor Szappanos analyzes some of the most impactful Office exploit generators.
SophosLabs researcher Gabor Szappanos is at it again, with new research exploring and explaining the mechanics of a malware creation kit that was used in a series of campaigns between May and August 2015.
Gabor has been tracking the development of malware used in advanced persistent threat (APT) campaigns over the past couple of years, including PlugX and other document-based attacks.
This time, he cracks open the case of an intriguing malware construction kit available in underground cybercrime markets: Microsoft Word Intruder (MWI).