Visual Basic Application, part of Microsoft Corporation is a legacy software built by the company itself to build applications for the Windows operating system. VBA is used in many of the famous Microsoft Saas products like MS Office, Office applications such as Access, Excel, PowerPoint, Publisher, Word, and Visio. VBA work is completely event-based, so apart from that, you can also design your windows machine to do certain tasks. But recently some attackers have found vulnerabilities in Microsoft Browser and because of this hackers Exploiting VBA Malware on Targeted devices. Let’s know more about this in today’s article.
How are Hackers Exploiting VBA Malware?
The attackers have not been found yet, but they’re exploiting a now-patched zero-day in the Internet Explorer browser and are delivering a fully-featured Visual Basic Application based RAT (Remote Access Trojan). This malware is capable of accessing files from a secluded windows machine. Not only that but it can also download malicious payloads and execute them.
This Malware creates a backdoor from victims machines to attackers machines. But firstly it is distributed to victims machine by decoying a document naming “Manifest.docx“. In this file, the template code is already designed to target the vulnerability. This RAT when executed, also executes a shellcode eventually deploying the RAT. This suspicious file was detected by Malwarebytes on 21 July 2021.
Who Found Out This VBA Malware Vulnerability?
This Vulnerability in Internet Explorer, titled CVE-2021-26411 was used by the North Korea-backed Lazarus Group for targeting security researchers that were working on security research and development.
Well if you’re still using internet explorer then we’d recommend you update it to the latest possible version. And if possible at best you should change your browser at all and remove Internet Explorer from your machine.