Security researchers have spotted cyber criminals using macro malware as a vector to spread Neutrino Bot, also known as Kasidet, through spear phishing emails. Such an email appears to come from a known person or business, but it does not: it comes from the same con artists who want the credit/debit card information, bank account details and other financial information stored on your machine. Over the past three weeks, criminal hackers have been using the same VBA (Visual Basic for Applications) macros in Microsoft Office documents that were used to deliver Dridex in order to drop Neutrino Bot as well. According to the researchers, the malicious Office documents are usually spread as attachments to spear phishing emails.
Once the malicious attachment has been downloaded and its macro runs, researchers observed a particular strain of Neutrino Bot stealing confidential information from the user's computer via browser hooking and memory scraping. Macro malware targeting Microsoft Office products had its heyday in the late 1990s, when the Melissa virus was first reported and identified. Microsoft subsequently took security measures, including adding a permission step before macros in Office documents are allowed to run, to help curtail the problem. However, a new and improved wave of malicious macro documents was spotted last year.
According to the researchers, Office macros have also been used of late as a medium to spread Neutrino Bot, other banking Trojans and the BlackEnergy Trojan. Analysts said that the shared delivery method does not necessarily establish a link between the developers of the two malware families (Dridex and Neutrino Bot). Neutrino Bot is also detected as Win32/Kasidet, a dangerous piece of malware used to perform various harmful operations, namely UDP flooding, TCP flooding, download flooding and HTTP flooding. Attackers may use this malware to grab sensitive information entered in online forms, capture keystrokes, interact with the infected computer through its web browsers and update the malware itself.
Neutrino Bot also has a very small file size (about 50 KB), which keeps its consumption of system resources low, and it is able to run under a restricted user account. Users should also know that Kasidet/Neutrino Bot can spread through archive files and USB drives. Crooks can purchase this threat online for 250 USD and use it to steal banking account details and capture keyboard input. It is therefore very important to be extremely careful with Office documents disguised as invoices or similar reports that use the macro feature to execute code which downloads and installs the actual payload. As an end user, do not enable macros unless you fully trust the file, or open it only in a virtualized (sandboxed) environment.
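As a practical check to go with that advice, the following is an added example (not code from the original article, nor from the researchers it cites) that inspects an OOXML Office attachment for an embedded VBA project before anyone opens it. Macro presence is read from the zip container itself (a vbaProject.bin part and the vbaProject content type), which is reliable; the keyword lists for auto-execution entry points and download/execute calls are this example's own choices, and the scan of the project bytes is best-effort because a real vbaProject.bin is an OLE2 compound file whose module streams are MS-OVBA compressed, so a production triage should decompress them with a tool such as oletools' olevba. The sample documents the script builds are constructed in memory for the demonstration and contain plaintext VBA strings.

```python
import io
import zipfile

# Auto-execution entry points a macro dropper uses so its code runs as soon as
# the victim clicks "Enable Content" (example list chosen here, not exhaustive).
AUTOEXEC_NAMES = (b"AutoOpen", b"Document_Open", b"AutoExec",
                  b"Workbook_Open", b"Auto_Open")

# Calls commonly used to fetch and launch a second-stage payload (example list).
SUSPICIOUS_CALLS = (b"URLDownloadToFile", b"MSXML2.XMLHTTP", b"ADODB.Stream",
                    b"WScript.Shell", b"CreateObject", b"Shell", b"powershell")

# Content type that macro-enabled OOXML packages declare for the VBA part.
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def scan_office_doc(data: bytes) -> dict:
    """Inspect an OOXML file image (.docx/.docm/.xlsx/.xlsm) for VBA macros.

    Presence detection comes from the zip container and is reliable. The
    keyword scan is best-effort: real module streams are MS-OVBA compressed,
    so the strings may not appear in clear (use olevba for real triage).
    """
    result = {"macro_parts": [], "vba_content_type": False,
              "autoexec": [], "suspicious": [], "verdict": "clean"}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["verdict"] = "not-ooxml"  # legacy .doc/.xls (OLE2) or not Office at all
        return result

    with zf:
        names = zf.namelist()
        # 1. The VBA project is stored as a binary part, e.g. word/vbaProject.bin
        result["macro_parts"] = [n for n in names
                                 if n.lower().endswith("vbaproject.bin")]
        # 2. The package content types also declare it in macro-enabled formats
        if "[Content_Types].xml" in names:
            result["vba_content_type"] = VBA_CONTENT_TYPE in zf.read("[Content_Types].xml")
        # 3. Best-effort scan of the project bytes for entry points and calls
        autoexec, suspicious = set(), set()
        for part in result["macro_parts"]:
            blob = zf.read(part)
            autoexec.update(k.decode() for k in AUTOEXEC_NAMES if k in blob)
            suspicious.update(k.decode() for k in SUSPICIOUS_CALLS if k in blob)
        result["autoexec"] = sorted(autoexec)
        result["suspicious"] = sorted(suspicious)

    if result["macro_parts"] or result["vba_content_type"]:
        result["verdict"] = "macro"
        if result["autoexec"] and result["suspicious"]:
            result["verdict"] = "macro-suspicious"
    return result


def build_sample(with_macro: bool) -> bytes:
    """Build a minimal OOXML package in memory (constructed test data, not a
    real dropper). The fake vbaProject.bin holds plaintext VBA so the scan has
    something to find; a real one is an OLE2 file with compressed streams."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        types = '<Types><Default Extension="xml" ContentType="application/xml"/>'
        if with_macro:
            types += ('<Override PartName="/word/vbaProject.bin" '
                      'ContentType="application/vnd.ms-office.vbaProject"/>')
        types += "</Types>"
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("word/document.xml", "<w:document>Invoice attached</w:document>")
        if with_macro:
            zf.writestr("word/vbaProject.bin",
                        b"Sub AutoOpen()\n"
                        b"Set h = CreateObject(\"MSXML2.XMLHTTP\")\n"
                        b"Shell Environ(\"TEMP\") & \"\\stage2.exe\"\n"
                        b"End Sub\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("invoice.docx", build_sample(False)),
                       ("invoice.docm", build_sample(True))):
        print(label, scan_office_doc(doc))
```

A verdict of "macro" on a file that claims to be a plain invoice is already reason enough to quarantine it at the mail gateway or refuse to click "Enable Content"; the "macro-suspicious" verdict only adds confidence when the project strings happen to be readable.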