Recently, security experts have seen old tricks rising from the dead (for example, Word/Excel macro attachments in emails), and malicious VBE files are being spread via email, targeting Brazilian users.
These VBE files end up being downloaded by users and, when opened, deliver a banking Trojan to the victim’s machine.
The attack itself starts with an email carrying a .ZIP attachment or a link to the malicious VBE file. These emails can cover many subjects; recently, attackers have been using the Windows 10 release as the subject.
The malicious file, whether attached or downloaded, is very small, normally less than 1KB. Analyzing the file, we find it encoded and looking like this:
After decoding, it is possible to see the real intentions of the person or group who wrote the malicious file; in this specific case we see a reference to a website:
This malware belongs to the Banload family and, looking worldwide, we see Brazil, Portugal and Spain as the most targeted countries:
This is one case among many others; it is necessary to adopt mitigation techniques that help security departments control this kind of attack.
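One possible mail-gateway check for the ZIP attachments described above, given as an added example that is not from the original post. It relies on the header that Windows Script Encoder output starts with (`#@~^`, six base64 characters holding the payload length, then `==`), also covers the `.jse` extension, and all function names and the sample archive are constructed for illustration.

```python
import base64
import io
import re
import struct
import zipfile

# Script Encoder output begins "#@~^" + 6 base64 chars (payload length) + "==".
HEADER = re.compile(rb"#@~\^([A-Za-z0-9+/]{6})==")
ENCODED_EXTENSIONS = (".vbe", ".jse")
MAX_READ = 1 << 20  # assumed per-member read cap, in bytes


def declared_length(data):
    """Return the length declared in an encoded-script header, or None."""
    match = HEADER.search(data)
    if match is None:
        return None
    return struct.unpack("<I", base64.b64decode(match.group(1) + b"=="))[0]


def scan_zip_attachment(zip_bytes):
    """Return (member, reason) findings for one ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.filename.lower().endswith(ENCODED_EXTENSIONS):
                findings.append((info.filename, "encoded-script extension"))
            try:
                with zf.open(info) as member:
                    length = declared_length(member.read(MAX_READ))
            except RuntimeError:  # encrypted member: content cannot be inspected
                findings.append((info.filename, "encrypted member"))
                continue
            if length is not None:
                findings.append((info.filename, f"encoder header, length {length}"))
    return findings


def build_sample_zip():
    """Constructed, harmless sample: filler bytes, not a real script."""
    body = b"#@~^EQAAAA==" + b"x" * 17 + b"AAAAAA==^#~@"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.vbe", body)
        zf.writestr("notes.txt", body)  # same content under a renamed extension
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()
```

Matching on the header as well as the extension means a renamed encoded script inside the archive is still flagged.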
The images used in this post were taken from a SecureList blog post published by the security expert Fabio.
Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he is also known in the areas of malware research, forensics and ethical hacking. He had previous experience in major institutions, the European Parliament being one of them. He is a security enthusiast and tries his best to pass on his knowledge. He also owns his own blog http://high54security.blogspot.com/
(Security Affairs – VBE file, macros)