Service to Embed Documents with Malicious Executables for Sale on Cybercrime Forum

A post on a cybercrime forum advertises a service that, according to its seller, can embed any malicious executable in a document.
Updated on April 19, 2023
Published on July 22, 2021
5 minute read
Category Adversary Intelligence
Affected Industries All
Affected Region Global

Executive summary

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum advertising a service that, according to its seller, can embed any malicious executable in a document. The threat actor claims that the resulting document bypasses the protections of Google, Gmail, and Google Drive. CloudSEK’s Threat Intelligence Research team is in the process of validating this post. Analysis of the demonstration video indicates abuse of the Microsoft Excel add-in format (the “.xll” extension). An XLL add-in is a compiled library rather than a document: when Excel loads one, the library’s native code runs inside the Excel process, so the “document” the victim opens is effectively an executable.

[Figures: two screenshots of the forum post advertising the service to embed documents with malicious executables]
Potential Impact
The service claims it will enable the buyer to:
  • Embed malicious executables, such as malware, in any document.
  • Disseminate phishing emails with the malicious documents as attachments.
  • Establish initial access to the victim’s machine.

Mitigation Measures
  • Keep anti-virus and endpoint prevention and detection tools updated.
  • Patch all applications and systems.
  • Back up all data periodically, keeping at least one offline backup.
  • Avoid downloading suspicious documents.
  • Do not enable macros or active content in documents from unknown sources.
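Because an XLL is native code, a mail gateway or endpoint control that trusts the file extension will wave it through as a “spreadsheet”. The script below is an added illustration, written for this article and not taken from CloudSEK or from the forum post, of triaging attachments by content instead of by name. It flags the .xll extension itself, flags any PE executable hiding behind a document extension, and, as a plain string-scan heuristic rather than a parse of the PE export table, flags the xlAutoOpen export that Excel calls when it loads an add-in. The three sample attachments are constructed inline so the script runs offline; the two PE blobs have a DOS header and PE signature but are not loadable libraries.

```python
import struct

# Extensions users expect to be passive documents; a PE behind one of
# these is a red flag even if a filter only looks at the name.
DOCUMENT_EXTS = {"xls", "xlsx", "xlsm", "doc", "docx", "pdf", "csv"}


def _fake_xll() -> bytes:
    """Constructed sample: a minimal PE-shaped blob (MZ stub, e_lfanew,
    PE signature) carrying the export name xlAutoOpen. It is not a
    loadable DLL; it only exercises the checks below."""
    blob = bytearray(b"MZ" + b"\x00" * 62)          # 64-byte DOS header
    struct.pack_into("<I", blob, 0x3C, 0x80)        # e_lfanew -> PE header at 0x80
    blob += b"\x00" * (0x80 - len(blob))            # DOS stub padding
    blob += b"PE\x00\x00" + b"\x00" * 20            # PE signature + COFF header
    blob += b"\x00" * 64 + b"xlAutoOpen\x00" + b"\x00" * 16
    return bytes(blob)


# Constructed attachments: two PE blobs (one with the honest .xll name,
# one masquerading as a legacy .xls) and one benign OOXML zip container.
SAMPLES = {
    "quarterly_report.xll": _fake_xll(),
    "budget.xls": _fake_xll(),
    "invoice.xlsx": b"PK\x03\x04" + b"\x00" * 100,
}


def is_pe(data: bytes) -> bool:
    """True if the bytes carry a DOS header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_attachment(name: str, data: bytes):
    """Return ("block", reasons) or ("allow", []) for one attachment."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    reasons = []
    pe = is_pe(data)
    if ext == "xll":
        reasons.append("xll extension: Excel add-in, native code runs when loaded")
    if pe and ext in DOCUMENT_EXTS:
        reasons.append(f"PE executable disguised as .{ext} document")
    if pe and b"xlAutoOpen" in data:
        # Heuristic string scan, not an export-table parse: Excel calls
        # an add-in's exported xlAutoOpen when it loads the XLL.
        reasons.append("contains xlAutoOpen, the entry point Excel calls on load")
    return ("block" if reasons else "allow", reasons)


def triage_all(samples=SAMPLES):
    """Triage every sample; returns {name: (verdict, reasons)}."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (verdict, reasons) in triage_all().items():
        print(f"{verdict:5} {name}" + "".join(f"\n      - {r}" for r in reasons))
```

The is_pe check is what matters in practice: a renamed XLL still starts with MZ and still carries a PE header, so content inspection catches it where an extension allow-list does not.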
