After 29 years of support-by-default, Microsoft is disabling a macro language that almost nobody uses, apart from malware writers.
We look at a spear phishing attack from APT36, an Advanced Persistent Threat group posing as the government of India and offering guidance on coronavirus. Instead, users are infected with a Crimson RAT that steals data.
An old Microsoft Office feature has been brought back to the forefront as a way to distribute malware without relying on macros or exploits.
In this post, we take apart a clever set of scripts used in a targeted attack against the government of Saudi Arabia.
Locky ransomware attempts to evade detection by relying once more on simple, yet effective user interaction.