A new crimeware kit dubbed the Rubella Macro Builder is rapidly gaining popularity in the cybercriminal underground. The Rubella Macro Builder allows crooks to generate a malicious payload for social-engineering spam campaigns, and it is offered as a service with a three-month license costing $120.
According to Flashpoint researchers, Rubella is not particularly sophisticated; the builder is used to create weaponized Microsoft Word or Excel documents for use in spam email. The Rubella-generated malware acts as a first-stage loader for other malware.
The Rubella Macro Builder is cheap, fast and easy to use, and the malware it generates can evade antivirus detection.
“The macro junk and substitution method appears to be relatively primitive, relying on basic string substitutions. Additionally, its copy/paste implementation of the Base64 algorithm is displayed in Visual Basic Script (VBS) code implementation. The code is obfuscated through general Chr ASCII values,” continues the analysis.
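For defenders triaging extracted macro source, the Chr-based obfuscation described in the analysis can be folded back into plaintext statically. The sketch below is an added example, not code from Flashpoint or from the builder; the sample macro is constructed, and the function names and the assumption that hidden strings may be Base64 text are illustrative.

```python
import base64
import re

# One term of a VBA string expression: a Chr()/ChrW() call or a "literal".
_CHR = r'ChrW?\$?\s*\(\s*(&H[0-9A-Fa-f]+|\d+)\s*\)'
_TERM = r'(?:ChrW?\$?\s*\(\s*(?:&H[0-9A-Fa-f]+|\d+)\s*\)|"(?:[^"]|"")*")'
CHR_CALL = re.compile(_CHR, re.I)
TERM = re.compile(_TERM, re.I)
# Two or more terms joined by the VBA concatenation operators & or +.
CHAIN = re.compile(_TERM + r'(?:\s*[&+]\s*' + _TERM + r')+', re.I)
B64 = re.compile(r'[A-Za-z0-9+/]{16,}={0,2}')

def _term_value(term):
    m = CHR_CALL.fullmatch(term)
    if not m:                                   # quoted literal, "" escapes "
        return term[1:-1].replace('""', '"')
    arg = m.group(1)
    n = int(arg[2:], 16) if arg[:2].upper() == '&H' else int(arg)
    return chr(n) if n < 0x110000 else '?'

def fold_chr_chains(source):
    """Return the plaintext of every concatenation that uses Chr()."""
    out = []
    for chain in CHAIN.finditer(source):
        terms = TERM.findall(chain.group(0))
        if any(CHR_CALL.fullmatch(t) for t in terms):
            out.append(''.join(_term_value(t) for t in terms))
    return out

def triage(source):
    """Count Chr() calls, recover hidden strings, decode Base64-looking ones."""
    strings = fold_chr_chains(source)
    decoded = []
    for s in strings:
        if B64.fullmatch(s) and len(s) % 4 == 0:
            try:
                decoded.append(base64.b64decode(s, validate=True).decode('utf-8', 'replace'))
            except ValueError:                  # not valid Base64 after all
                pass
    return {'chr_calls': len(CHR_CALL.findall(source)),
            'strings': strings, 'base64_decoded': decoded}

# Constructed sample macro for illustration, not output of the builder.
SAMPLE = '''
Sub AutoOpen()
    a = Chr(87) & Chr(83) & "cript" & Chr(46) & Chr(83) & "hell"
    b = Chr(81) & Chr(50) & "9uc3RydWN0ZWQgc2FtcGxl"
End Sub
'''

if __name__ == '__main__':
    print(triage(SAMPLE))
```

A high count of Chr() calls relative to macro length, combined with recovered strings that name scripting objects or decode as Base64, is a useful triage signal for documents that evade signature-based scanning.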
Crooks continue to use weaponized documents in their campaigns; builders for Microsoft Office-based loader malware are a precious commodity in the underground.
Flashpoint also published the indicators of compromise (IOCs) for the Rubella macro builder here.
(Security Affairs – Rubella Macro Builder, malware)