Malware, Vulnerability Management

Microsoft Visual Studio exploited in malware attacks

BleepingComputer reports that more threat actors are using Microsoft Visual Studio Tools for Office (VSTO) to embed .NET-based malware in Office add-ins, after Microsoft moved to block VBA and XL4 macro execution in Office by default. Attackers favor the local VSTO method, which does not require bypassing trust-related security mechanisms to execute add-in code, but some threat actors have also used remote VSTO add-ins, according to a Deep Instinct report.

Attacks using VSTO involved a "custom.xml" parameter enabling add-in tracking and installation, with the add-in payload's dependencies usually stored alongside the document in an ISO container. The report showed that opening the document triggers an add-in installation prompt; in one attack targeting Spanish users, this resulted in the execution of an encoded and compressed PowerShell script. In a separate attack using a remote VSTO-based add-in, the threat actors configured the payload to download a password-protected ZIP archive.
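For triage, the "custom.xml" reference described above can be checked without opening the document in Office. The following is an added example, not code from the Deep Instinct report or from SC Media: it assumes the property names `_AssemblyLocation` and `_AssemblyName`, which Microsoft documents for VSTO document-level customizations but which the article does not name, and the sample documents it builds are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CP = "{http://schemas.openxmlformats.org/officeDocument/2006/custom-properties}"
VT = "{http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes}"
MAX_PART = 1 << 20  # refuse oversized custom.xml parts (decompression bombs)

def vsto_properties(data):
    """Return the _AssemblyLocation/_AssemblyName custom properties, if any."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            part = next((i for i in zf.infolist()
                         if i.filename.lower() == "docprops/custom.xml"), None)
            if part is None or part.file_size > MAX_PART:
                return {}
            root = ET.fromstring(zf.read(part))
    except (zipfile.BadZipFile, ET.ParseError):
        return {}
    found = {}
    for prop in root.iter(CP + "property"):
        if prop.get("name") in ("_AssemblyLocation", "_AssemblyName"):
            found[prop.get("name")] = prop.findtext(VT + "lpwstr", default="")
    return found

def classify(data):
    """'none', 'local' or 'remote', by where the add-in manifest is loaded from."""
    location = vsto_properties(data).get("_AssemblyLocation")
    if location is None:
        return "none"
    target = location.split("|")[0].strip().lower()  # drop "|guid|vstolocal" suffix
    if target.startswith(("http://", "https://", "\\\\")):
        return "remote"  # fetched over the network when the document opens
    return "local"       # manifest and DLLs ship next to the document

def build_sample(location):
    """Constructed test document (not a real sample) carrying the given location."""
    xml = ('<Properties xmlns="%s" xmlns:vt="%s">' % (CP[1:-1], VT[1:-1]) +
           '<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="2" '
           'name="_AssemblyLocation"><vt:lpwstr>%s</vt:lpwstr></property>'
           '</Properties>' % location)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/custom.xml", xml)
    return buf.getvalue()
```

Any result other than `none` on a document arriving by email or inside an ISO container is worth a closer look, since ordinary documents rarely carry these properties.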
