
Hacker Group Uses New Custom Malware “Dudell” to Infect MS Excel Docs

  • CYBERSEC NYC
  • Feb 13, 2020

Updated: Feb 16, 2020

Researchers have discovered that a cyberespionage group called “Rancor” has been distributing new custom malware, “Dudell,” via Microsoft Excel documents.


According to researchers at Palo Alto Networks, the Rancor threat group has been active since 2017 and targeted government organizations until January 2019. It is believed the group performed two rounds of attacks to install Derusbi or KHRat malware on victim systems, from early December 2018 to the end of January 2019.


“In recent attacks, the group has persistently targeted at least one government organization in Cambodia from December 2018 through January 2019. While researching these attacks, we discovered an undocumented, custom malware family – which we’ve named Dudell. In addition, we discovered the group using Derusbi, which is a malware family believed to be unique to a small subset of Chinese cyber espionage groups,” researchers said in a statement.


How Does Dudell Malware Infect?


Attackers spread Dudell malware through a weaponized Microsoft Excel document sent as a malspam email attachment. Once a victim opens the attachment, the malicious macro is triggered, and the malware is automatically downloaded onto the victim’s device.
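As an added example (not from the original article or the Palo Alto Networks research), the Python sketch below shows defender-side triage for this delivery method: it walks an email's attachments and flags any Office file that carries a VBA project, judging by content rather than file extension. The sample email, addresses and file names are constructed, and the legacy .xls check is a byte-marker heuristic rather than a full OLE parse.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # legacy .xls/.doc container signature
VBA_OLE_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # VBA stream name in the OLE directory

def has_vba_macros(data: bytes) -> bool:
    """True if the bytes look like an Office file carrying a VBA project."""
    if data.startswith(OLE_MAGIC):
        return VBA_OLE_MARKER in data  # heuristic: directory entry name is present
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:  # OOXML files are ZIP archives
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def macro_attachments(raw_email: bytes) -> list[str]:
    """Return the file names of attachments that contain VBA macros."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if has_vba_macros(payload):
            flagged.append(part.get_filename() or "<unnamed>")
    return flagged

def _ooxml(with_macro: bool) -> bytes:
    """Constructed stand-in for an OOXML workbook (not a valid spreadsheet)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()

def build_sample_email() -> bytes:
    """Constructed test message: one clean workbook, two macro-bearing ones."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "sample"
    msg.set_content("see attached")
    samples = {"budget.xlsx": _ooxml(False), "invoice.xlsx": _ooxml(True),
               "legacy.xls": OLE_MAGIC + b"\x00" * 64 + VBA_OLE_MARKER}
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(macro_attachments(build_sample_email()))
```

Note that `invoice.xlsx` is flagged despite its macro-free extension, which is why the check inspects the container contents instead of trusting the file name.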


After execution, the malware attempts to evade sandbox analysis and steals victim information such as IP address, hostname, language pack, and operating system details.


According to researchers, Dudell could also perform other malicious actions, including:


Downloading and uploading files

Deleting files

Taking screenshots

Terminating specific processes

Executing commands

Listing folder contents

Enumerating processes and storage volumes


In similar research, security experts at Microsoft said cybercriminals are customizing their phishing attack methods to trick companies and their users. The researchers stated that phishing campaigns grew from 0.2 percent in January 2018 to 0.6 percent in October 2019.


In its recently released 2019 Cybersecurity Trends report, Microsoft highlighted that phishing was one of the attack vectors that had been on the rise over the past two years. “In 2019, we saw phishing attacks reach new levels of creativity and sophistication,” Microsoft said.


See the original article posted by CISOMAG - December 24, 2019 https://www.cisomag.com/hacker-group-uses-new-custom-malware-dudell-to-infect-ms-excel-docs/

