Service to Embed Documents with Malicious Executables for Sale on Cybercrime Forum

Category Adversary Intelligence
Affected Industries All
Affected Region Global

Executive summary

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum advertising a service that allegedly embeds any malicious executable into a document. The threat actor claims that the resulting document bypasses the protections of Google, Gmail, and Google Drive. CloudSEK’s Threat Intelligence Research team is in the process of validating this post. Analysis of the demonstration video indicates abuse of the Microsoft Excel add-in file format (“.xll”).
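An .xll add-in is a native Windows DLL that Excel loads and whose exported entry points (xlAutoOpen and friends) it calls, so a file of this kind is executable code, not a spreadsheet, whatever extension it carries. The following triage check is an added example written for this advisory; it is not CloudSEK’s tooling and was not derived from the advertised service. It applies a lightweight heuristic (MZ/PE header plus the presence of XLL entry-point names) to flag attachments that are native code posing as Office documents. The sample bytes are constructed for the example and do not form a working add-in.

```python
import struct

# Export names Excel resolves in an XLL add-in; their presence inside a PE image
# is a strong (though not conclusive) indicator that the file is an XLL.
XLL_ENTRY_POINTS = (b"xlAutoOpen", b"xlAutoClose", b"xlAddInManagerInfo")

# Extensions that should contain an OOXML (ZIP) container, never native code.
OFFICE_EXTENSIONS = {"xlsx", "xlsm", "xlsb", "docx", "docm", "pptx"}


def is_pe(data: bytes) -> bool:
    """Minimal PE check: 'MZ' DOS stub, e_lfanew at 0x3C, 'PE\\0\\0' at that offset."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify_attachment(name: str, data: bytes) -> dict:
    """Return indicators for one attachment: whether it is native code, whether it
    looks like an XLL, and whether its extension lies about its content."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    pe = is_pe(data)
    ooxml = data[:2] == b"PK"  # OOXML documents are ZIP containers
    entry_points = [e.decode() for e in XLL_ENTRY_POINTS if e in data]

    findings = []
    if pe and entry_points:
        findings.append("pe-with-xll-entrypoints")
    if ext in OFFICE_EXTENSIONS and pe:
        findings.append("extension-mismatch")  # claims to be a document, is a PE
    if ext == "xll" and not pe:
        findings.append("xll-without-pe-header")  # extension says add-in, bytes do not
    return {
        "name": name,
        "is_pe": pe,
        "is_ooxml": ooxml,
        "xll_entry_points": entry_points,
        "findings": findings,
        "suspicious": bool(findings),
    }


def constructed_xll_like_blob() -> bytes:
    """Constructed sample: a PE-shaped blob carrying an XLL export name (not runnable)."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)          # e_lfanew -> PE signature at 0x80
    buf[0x80:0x84] = b"PE\x00\x00"
    buf[0x100:0x100 + len(b"xlAutoOpen\x00")] = b"xlAutoOpen\x00"
    return bytes(buf)


def constructed_ooxml_blob() -> bytes:
    """Constructed sample: the start of a ZIP local file header, as in a real .xlsx."""
    return b"PK\x03\x04" + bytes(60)


if __name__ == "__main__":
    for name, blob in (
        ("quote.xll", constructed_xll_like_blob()),
        ("quote.xlsx", constructed_xll_like_blob()),  # XLL renamed to look like a workbook
        ("quote.xlsx", constructed_ooxml_blob()),
    ):
        print(classify_attachment(name, blob))
```

The heuristic deliberately does not parse the export directory, so a packed or obfuscated add-in can evade it; treat a hit as a reason to detonate the file in a sandbox, and a miss as no evidence either way.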

Post advertising the service to embed documents with malicious executables