    Legitimate Microsoft VSTO tool will be used more often by hackers to infect devices


    Experts warn that attackers are looking for alternatives to disabled Microsoft Office macros.

    Researchers at security firm Deep Instinct warn that hackers may increasingly use Microsoft Visual Studio Tools for Office (VSTO) as a method of persistence and code execution on a target machine by means of malicious Office add-ins. This method is an alternative to embedding macros in documents that fetch malware from an external source.

    VSTO is a software development kit that is part of the Microsoft Visual Studio IDE. It is used to create VSTO Add-ins, which are extensions to Office applications that can run code on a computer.

    These add-ins can be packaged with document files or downloaded from a remote location, and they run when the document is opened in the associated Office application (e.g., Word, Excel).

    The payload is stored with the document, usually inside an ISO container. The attackers make these additional files "hidden", hoping that the victim will not notice them and think that the archive contains only the document.

    When the document is opened, the user is prompted to install the add-in. Hackers can trick the victim into allowing the installation (similar to the "enable content" popup that allows malicious macros to run).

    In one attack targeting users in Spain, a payload executed an encoded and compressed PowerShell script on a computer.

    In another example that used a remote VSTO-based add-in, the cybercriminals installed a .DLL payload to download a password-protected ZIP archive and placed it in the %\AppData\Local\ folder. Deep Instinct was unable to retrieve the final payload because the server was down at the time of the investigation.
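
    For triage, the two delivery modes described above (add-in packaged next to the document versus fetched from a remote location) can be told apart from the document itself. The following is an added example, not code from Deep Instinct or from the original article; it relies on the `_AssemblyLocation` and `_AssemblyName` custom document properties that Microsoft documents for VSTO document-level customizations (names not mentioned on this page), and the sample documents, URL and solution id are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CP = "{http://schemas.openxmlformats.org/officeDocument/2006/custom-properties}"
VSTO_PROPS = ("_AssemblyLocation", "_AssemblyName")

def vsto_properties(doc_bytes):
    """Return the VSTO custom properties of an OOXML file ({} if none)."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
            xml = zf.read("docProps/custom.xml")
        if b"<!DOCTYPE" in xml:  # legitimate OOXML parts carry no DTD
            return {}
        root = ET.fromstring(xml)
    except (zipfile.BadZipFile, KeyError, ET.ParseError):
        return {}  # not a ZIP, no custom properties part, or malformed XML
    return {p.get("name"): "".join(p.itertext()).strip()
            for p in root.iter(CP + "property") if p.get("name") in VSTO_PROPS}

def classify(doc_bytes):
    """'no-vsto', 'vsto-local' (manifest beside the file) or 'vsto-remote'."""
    location = vsto_properties(doc_bytes).get("_AssemblyLocation")
    if location is None:
        return "no-vsto"
    manifest = location.split("|")[0].strip().lower()  # value is "path|id|..."
    remote = manifest.startswith(("http://", "https://", "\\\\"))
    return "vsto-remote" if remote else "vsto-local"

def make_sample(location):
    """Constructed test document: a minimal ZIP with only docProps/custom.xml."""
    xml = ('<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/'
           '2006/custom-properties" xmlns:vt="http://schemas.openxmlformats.org/'
           'officeDocument/2006/docPropsVTypes">'
           '<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="2" '
           f'name="_AssemblyLocation"><vt:lpwstr>{location}</vt:lpwstr></property>'
           '</Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/custom.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    guid = "00000000-0000-0000-0000-000000000000"  # constructed solution id
    for loc in (f"Report.vsto|{guid}|vstolocal",
                f"https://example.invalid/Report.vsto|{guid}"):
        print(classify(make_sample(loc)), "<-", loc)
```

    A "vsto-remote" verdict on a document received by e-mail, or a "vsto-local" verdict on one extracted from an ISO alongside hidden files, is a reason to quarantine it before it is opened in Office.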

    To show how VSTO can help a hacker deliver and run malware and achieve persistence on the system, the researchers created a proof of concept (PoC) with a Meterpreter payload. Aside from the payload, which was specifically chosen to be easily detectable, all of the PoC components went undetected by Windows Defender.

    Deep Instinct researchers expect more attackers to integrate VSTO into their attacks. They believe that “the nation-state and other highly skilled hackers will jump at this opportunity to bypass the Windows trust mechanism with valid code signing certificates.”

    Author DeepWeb