Dutch authorities announced have arrested a 20-year old man that is accused to be the author of Dryad and Rubella Macro Builders.
The man lives in Utrecht, it created and distributed Rubella, Cetan and Dryad
“Recently the high tech crime team (THTC) of the Dutch National Police Unit arrested a 20 year old resident of the Dutch city of Utrecht. He is suspected of large-scale production and selling of malware.” reads the announcement. “The young man offered programs with names like Rubella, Cetan and Dryad, enabling the buyer to include secret code or malware in amongst others Word or Excel files.”
Both macro builders allow crooks to easily create malicious Office documents that are usually involved in hacking campaigns as a first-stage loader for other malware.
The Rubella Macro Builder
According to Flashpoint, Rubella is not particularly sophisticated, the builder is used to create Microsoft Word or Excel
The macro might also purposely attempt to bypass endpoint security defenses.
The Rubella Macro Builder is cheap, fast and easy to use, the malware it generated can evade antivirus detection.
The Dutch man was identified by law enforcement with the support of McAfee and another private company.
According to McAfee, Dryad and Rubella are very similar, and a conversation with the suspect revealed that the individual was behind both of them.
“Announced today, the Dutch National High-Tech Crime Unit (NHTCU) arrested an individual suspected of building and selling such a criminal toolkit named the Rubella Macro Builder.” reads a post published by McAfee. “McAfee Advanced Threat Research spotted the Rubella toolkit in the wild some time ago and was able to provide NHTCU with insights that proved crucial in its investigation.”
The man was also promoting a variety of different products and services, ranging from stolen credit card data, a malware to steal funds from crypto wallets and a malicious loader software to a newly pitched product called Tantalus
The Dutch authorities also revealed that the man had in possession access credentials for thousands of websites.
The police also seized around 20,000 Euro (around $22,000) in cryptocurrency such as Bitcoins.
(SecurityAffairs – Macro builder, GDPR)