New paper: Powering the distribution of Tesla stealer with PowerShell and VBA macros

Posted by Martijn Grooten on Apr 19, 2018

Ever since their return more than four years ago, initially in targeted attacks and later in large-scale malware campaigns, Office macros have been one of the most prominent ways to spread malware.

Today, we publish a research paper by Aditya K. Sood and Rohit Bansal of SecNiche Security, in which they analyse a malware campaign in which VBA macros are used to execute PowerShell code, which in turn downloads the actual payload: the Tesla information-stealing trojan.

The paper is available in both HTML and PDF format.

Latest posts:

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.