Security researchers at Flashpoint have uncovered a new crimeware kit capable of launching large-scale spam-driven malware campaigns, and the kit is for sale on a hacking forum.
According to the researchers, the kit was first offered for $500 in February 2018, but by April the price had dropped to just $120 for a three-month licence. The tool has drawn praise from various cybercriminal groups and would-be hackers, who described how easy it makes launching large-scale campaigns.
The kit is known as Rubella Macro Builder. It is not a tool for blasting random packets: it builds malicious Microsoft Office macro documents that deliver whatever payload the buyer chooses, in the form of an executable, a Visual Basic script or JavaScript.
“The Rubella Macro Builder is designed to be used in massive spam campaigns, not to target any specific organisations or individuals. Most spammers cast as wide a net as possible to reach as many potential victims as possible,” said Flashpoint malware researcher Paul Burbage.
Rubella Macro Builder offers its buyers a choice of download methods, payload types and encryption algorithms. The macros it generates can also evade basic antivirus detection by relying on Visual Basic obfuscation methods such as Base64 encoding, XOR and simple padding, which hide the strings (download URLs, commands) that a signature-based scanner would otherwise match.
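To make that obfuscation concrete, the following Python is an example added to this article; it is not code from Flashpoint or from the Rubella kit. It assumes one specific layering (single-byte XOR, then Base64, then junk padding) that the article does not specify, and the placeholder URL, the VBA stub and the names obfuscate, deobfuscate, naive_scan and recover_urls are all constructed for the demonstration. It shows why a plain signature on the macro source misses the payload URL, and how an analyst recovers it by Base64-decoding likely runs and brute-forcing the XOR key.

```python
import base64
import re

# Constructed placeholder for the download URL a first-stage macro loader
# would carry. Not a real Rubella indicator.
PLAINTEXT = "http://example.invalid/payload.exe"

# A naive signature of the sort a basic scanner applies to macro source.
URL_SIGNATURE = re.compile(rb"https?://[^\s\"']+\.(?:exe|vbs|js)\b", re.IGNORECASE)

# Base64-looking runs long enough to be worth decoding.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR. Applying it twice with the same key restores the input."""
    return bytes(b ^ key for b in data)


def obfuscate(text: str, key: int, pad: int = 4) -> str:
    """Assumed layering chosen for this example (not Rubella's real scheme):
    XOR with a one-byte key, Base64-encode, then wrap in junk padding that
    the runtime decoder strips before decoding."""
    encoded = base64.b64encode(xor_bytes(text.encode(), key)).decode()
    return "#" * pad + encoded + "#" * pad


def deobfuscate(blob: str, key: int) -> str:
    """The matching runtime decoder: strip padding, Base64-decode, XOR back."""
    return xor_bytes(base64.b64decode(blob.strip("#")), key).decode()


def build_macro(key: int) -> bytes:
    """Constructed stand-in for generated VBA source with the URL hidden."""
    hidden = obfuscate(PLAINTEXT, key)
    return (
        "Sub AutoOpen()\n"
        f'    s = "{hidden}"\n'
        "    Call Fetch(Decode(s))\n"
        "End Sub\n"
    ).encode()


def naive_scan(macro_source: bytes) -> bool:
    """What signature matching on the raw source sees: no URL at all,
    because ':' and '/' never occur inside a Base64 run."""
    return URL_SIGNATURE.search(macro_source) is not None


def recover_urls(macro_source: bytes):
    """Analyst side: find Base64-looking runs, decode them, try all 256
    single-byte XOR keys and keep decodes that look like a payload URL.
    Returns a list of (key, url) pairs."""
    hits = []
    for run in B64_RUN.finditer(macro_source):
        try:
            raw = base64.b64decode(run.group(0), validate=True)
        except ValueError:          # binascii.Error is a ValueError subclass
            continue
        for key in range(256):
            candidate = xor_bytes(raw, key)
            match = URL_SIGNATURE.search(candidate)
            if match and candidate.isascii():
                hits.append((key, match.group(0).decode()))
    return hits


if __name__ == "__main__":
    src = build_macro(0x5A)
    print("naive signature hit:", naive_scan(src))   # False
    print("recovered:", recover_urls(src))           # [(90, 'http://example.invalid/payload.exe')]
```

In practice the macro source is first extracted from the document with a tool such as olevba from the oletools project; the same decode-and-brute-force pass then runs over the strings it dumps. The lesson is the one Flashpoint draws: a scanner that only matches literal strings in the macro text sees nothing, while a decoder that understands the cheap encodings recovers the indicator in milliseconds.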
Flashpoint researchers explained that once the Rubella-generated code runs on the victim's system it acts as a first-stage loader: its job is to download and install whatever second-stage malware the operator has chosen onto the infected machine.
The usual route of infection is a phishing email carrying a Microsoft Word or Excel attachment. Criminals favour this method because the document prompts the user to click “Enable Content” in order to view it; what the user does not realise is that the moment macros are enabled, the hidden malicious code runs and installs the loader on the system. One known victim of such a campaign is an Australian financial institution.
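A simple triage check of the kind a mail gateway can apply to such attachments, added here as an example (it is not Flashpoint's code nor anything from the article): the functions classify and triage and the constructed sample documents are assumptions made for the demonstration. It relies on two facts about Office formats: OOXML files (.docx, .docm, .xlsx, .xlsm) are zip containers in which a VBA project is stored as a vbaProject.bin part, and legacy binary .doc/.xls files use the OLE compound-file container, whose macros cannot be detected from the header alone.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML (.docx/.docm/.xlsx/.xlsm)
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}


def classify(data: bytes) -> str:
    """Return one of 'ooxml-macro', 'ooxml-clean', 'legacy-ole' or 'other'.
    OOXML is a zip; an embedded VBA project is stored as a vbaProject.bin part."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"
    if not data.startswith(ZIP_MAGIC):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = zf.namelist()
    except zipfile.BadZipFile:
        return "other"
    if not any(p.startswith(("word/", "xl/", "ppt/")) for p in parts):
        return "other"
    if any(p.lower().endswith("vbaproject.bin") for p in parts):
        return "ooxml-macro"
    return "ooxml-clean"


def triage(filename: str, data: bytes):
    """Gateway decision as (action, reason). Macro-bearing OOXML is blocked
    outright; a legacy OLE file may carry macros but the container alone does
    not say, so it goes to deeper inspection (OLE parsing or a sandbox).
    A VBA project inside a file whose extension does not admit macros (for
    example a .docm renamed to .doc) is still blocked: Office decides the
    format from the content, not the extension, so the macro would still run."""
    kind = classify(data)
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if kind == "ooxml-macro":
        if ext not in MACRO_EXTENSIONS:
            return ("block", f"VBA project inside a file named {ext or 'without extension'}")
        return ("block", "VBA project present")
    if kind == "legacy-ole":
        return ("sandbox", "legacy OLE container; macros need OLE parsing to detect")
    return ("allow", kind)


def make_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal stand-in OOXML container for the demo.
    It has the part layout of a Word file but is not a valid document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [
        ("parcel_notice.docm", make_ooxml(True)),
        ("parcel_notice.doc", make_ooxml(True)),   # renamed macro document
        ("invoice.docx", make_ooxml(False)),
        ("old_statement.xls", OLE_MAGIC + b"\x00" * 504),
    ]:
        print(name, "->", triage(name, blob))
```

The sandbox verdict for legacy OLE files is the caveat worth keeping: a gateway that only inspects zip-based attachments will wave through the older binary formats, which is exactly where a macro builder can still place its code.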
Flashpoint researchers warn everyone to exercise caution with emails that carry a suspicious Microsoft Word or Excel attachment, especially ones claiming that you have missed a parcel delivery. Flashpoint has also published a detailed list of indicators to help you recognise a compromise by these campaigns.