Tuesday, October 11, 2016

Odinaff Trojan hitting banks using Microsoft Office macros

Those behind Odinaff are using a variety of techniques to break into the networks of targeted organisations: the most common method of gaining access is tricking employees into opening documents containing malicious macros.

While macros are turned off by default in Microsoft Word, the recipient can opt to enable them -- which they're encouraged to do by a malicious attachment -- at which point the Odinaff Trojan will be installed on their system. One way a user can avoid being infected in this way is simply to keep the default setting, which leaves macros disabled.
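A mail gateway or triage script can flag attachments that carry a VBA project before a user is ever prompted to enable macros. The Python sketch below is an added example, not code from the article; the function names and sample bytes are constructed for illustration, and the legacy-format check is a byte-search heuristic rather than a full OLE parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
# OLE directory entry names are stored as UTF-16LE; a VBA project
# includes a stream named _VBA_PROJECT.
VBA_STREAM_NAME = "_VBA_PROJECT".encode("utf-16-le")


def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'ole-macro', 'no-macro' or 'unknown'."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: look for the VBA stream name anywhere in the file.
        return "ole-macro" if VBA_STREAM_NAME in data else "no-macro"
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "unknown"
        if "[content_types].xml" not in names:
            return "unknown"  # a zip, but not an Office Open XML package
        # Macro-enabled packages carry word/, xl/ or ppt/ vbaProject.bin.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-macro"
        return "no-macro"
    return "unknown"


def make_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a Word package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def make_sample_ole(with_macro: bool) -> bytes:
    """Constructed stub: OLE magic plus padding, not a valid document."""
    return OLE_MAGIC + b"\x00" * 504 + (VBA_STREAM_NAME if with_macro else b"")


if __name__ == "__main__":
    print(classify_attachment(make_sample_ooxml(True)))
    print(classify_attachment(make_sample_ooxml(False)))
    print(classify_attachment(make_sample_ole(True)))
```

A result of `unknown` means the bytes are not an Office container this check understands, so such files need separate handling rather than being treated as clean.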

Another common technique involves the use of password-protected .RAR archive files, which trick the victim into installing Odinaff. While cybersecurity researchers haven't been able to determine how these malicious documents and links are distributed by cybercriminals, it's believed spear-phishing is the main method of deployment.


Full article
