Microsoft Word Intruder Revealed – inside a malware construction kit



Start thinking back, and bring to mind the big “Malware In The Media” stories of the last few years.

What did you come up with?

We let our minds go to town.


In particular, our first thoughts were of two rather different sorts of cyberattack, committed by two very different sorts of operator:

  • Malware that aims far and wide in order to make as much money for the crooks as quickly as possible. All publicity welcome, especially if it convinces people that paying up actually works. Example: CryptoLocker.
  • Malware targeted for a very specific purpose, such as industrial or political espionage. Publicity unwelcome, because the aim is to lie hidden until the bullseye is hit. Example: Stuxnet.

There are certainly plenty of defensive lessons to learn from each of these examples.

But there’s a fascinating middle ground, where cybercrooks from the first group are quietly adopting the more subtle approach of the so-called Advanced Persistent Threatsters of the second group.

And SophosLabs researcher Gabor Szappanos has just published a paper looking into this phenomenon.

Szappi, as we usually refer to him here, is popular with Naked Security readers with good reason: his papers are always both interesting and informative, worthwhile not only for lay readers but also for the more technical audience.

The paper is entitled Microsoft Word Intruder Revealed, and it digs into a rather special facet of cybercrime: the malware construction kit.

As the name suggests, Microsoft Word Intruder (MWI) focuses on sneaking malware onto your computer using booby-trapped Word files, rather than by using treacherous web links you have to click, or by embedding malicious Flash objects into poisoned online ads.

As Szappi explains in the paper, the creator of MWI is effectively offering an exploits-as-you-need-them malware creation service that “deskills” the Remote Code Execution (RCE) part of malware distribution.

You no longer need to know how to exploit Word yourself.

For a modest fee, you can have your malware packaged into personalised booby-trapped documents that you can email out to prospective victims.

However, there are terms and conditions!

Objekt, the Russian operator of MWI, requires his customers to tread softly.

You can deliver any sort of malware you like, but you have to agree not to do massive spam runs or to draw unnecessary attention to yourself.

In short, to buy into MWI you need to take the more subtle approach of the targeted attacker, even if your goal is to make money from anyone and everyone rather than to breach one specific target.

Has this fusion approach worked?

Szappi’s detailed research suggests that it has.

He found that MWI’s niche market has helped dozens of cybercrime groups to deliver many hundreds of different malware samples from numerous different malware families covering most major malware types.

Banking Trojans, bots, remote access tools: MWI has packaged and delivered them all, without drawing much attention to itself.

As Szappi concludes:

Even though the Microsoft Word Intruder kit is advertised for targeted attacks, which are usually associated with nation-state intrusions or other focused surveillance operations, it seems that its primary users are money-making cybercriminals aiming for smaller, less obvious, malware campaigns.

It seems that some cybergangs are learning that less really can be more.

Microsoft Word Intruder Revealed is not just a fascinating and well-organised paper, it also gives you some solid advice on real-world precautions you can take.




Android 10 reportedly rolling out to Pixel phones on Sept. 3




The release of the next generation of Android may be at hand. Google is expected to release Android 10 on Tuesday, according to a carrier support page spotted by 9to5Google.

The new operating system is scheduled to roll out to all Pixel phones, according to a page posted by Canadian carrier Rogers Communications, 9to5Google reported. The Rogers support page listed Sept. 3 as the launch date of “Q OS” for the Google Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3a and Pixel 3a XL.

The mention of the update has since been removed from the support page, but a support page at Canadian carrier Telus also lists Tuesday as the release of “Android Q.”

Google and Rogers didn’t immediately respond to requests for comment.

Google released the first preview version of the software in March and demoed more features at its annual I/O developer conference in May.

The company announced in August that the next generation of its mobile operating system — previously called Android Q — will be known as Android 10. No date was given at the time for when the new software would be made available. 

One of Google’s key selling points for Android 10 is a new approach to keeping personal information private. The new privacy features come in the form of more granular location controls and a dedicated privacy section in the settings app.



Why you probably shouldn’t install iOS 13 and the other betas just yet




Apple this week officially released the first developer beta of iOS 13. As always, many people are eager to install the new iOS version and try the latest features, but there are several reasons why you should probably hold off. After all, it is a very early beta and is bound to have numerous problems.

Should you install the iOS 13 beta?

Apple itself acknowledges that the first beta of iOS 13 is buggy, warning “thrill seekers” that they should probably wait for the public beta coming next month:

Important Note for Thrill Seekers: If you’re interested in living on the edge and trying out the great new features in iOS 13, we strongly advise waiting for the many bug fixes and refinements coming to the public beta next month.

iOS 13 includes all of the problems you’d expect from an early iOS beta. That means a warmer-than-usual device temperature, completely unoptimized battery life, and numerous interface quirks, app crashes, and more.

Across all five of the new betas, iOS, iPadOS, macOS, tvOS, and watchOS, you’ll run into compatibility issues with third-party apps. These betas are designed to give developers the opportunity to update their applications ahead of the stable releases this fall, and you shouldn’t expect applications to run as expected until then.

Apple has also increased the difficulty level of the install with this year’s iOS 13 beta. While it used an OTA system last year, the first beta of iOS 13 is available only as a direct download from Apple’s Developer site. It also requires that you have the Xcode beta installed and that you restore via iTunes.

Apple will eventually release public beta versions of macOS 10.15, iOS 13, and tvOS 13. Those will likely come next month and will represent a more stable, but still buggy, way for the general public to test out the latest and greatest operating systems. The public betas, and future developer betas, will be available as over-the-air updates as well, dramatically simplifying the install process.

If you’re still tempted to try iOS 13 and the other betas in their current beta form, our advice is to install them on devices that you don’t rely on day-to-day. This will let you try out the new features, while also preserving the experience on your daily devices.




Huawei folding phone (Mate X) reappears to boast 5G speed




Since the start of Huawei’s problems with the United States, many users have wondered about the launch of the Mate X. The Huawei phone with a folding screen was planned to reach the market this June, and doubts about its release keep growing as the days pass. Where is the Mate X?

First 5G tests with the Huawei Mate X

The latest clues come with official information, as the president of Huawei’s smartphone branch has shared some images showing speed tests carried out with the famous folding-screen phone. The images reveal that the maximum speed reached in the Speedtest tests was 1 gigabit per second, while the upload was at 100 megabytes per second.

This is undoubtedly excellent news for those interested in the first Huawei folding phone. We hope that the schedule holds and that this is the month we see the phone on sale (even if only in China), although it is clear that doubts will remain about which licenses will be affected when it is marketed and, basically, how well the screen will stand up to everyday use, something that, as we saw, did not go well for Samsung’s offering.

On the other hand, Gang said that the speeds obtained in the laboratory tests reached 1.2 Gbps, so technically the phone is able to reach higher speeds, although we very much fear that under normal conditions the result will be similar to that of the video. At this point, there is no doubt that 5G is tremendously fast, right?


The mobile download speed can surpass 1 Gbps using the #5G network, He Gang, head of Huawei’s smartphone unit proved in a vlog with Huawei’s foldable Mate X handset on Tuesday.

Huawei Mate X 5G testing using a customized Android version?

Taking a deeper look at the video, we can see that this Mate X unit has a home screen on which no icon of any Google application appears. It could simply be a measure to avoid promoting the company that has left it out, a simple custom configuration, or something even more complex: are we looking at a version of Android customized by Huawei?

This last option is the most far-fetched, but there is another detail that is equally suspect: why is a virtual start button placed on the screen? Until now, the device had been showing the lower status bar with the classic Android buttons, and when it was not shown, an upward gesture was enough to make it reappear. As we said, these are suspicious details that raise enough doubts about the version of the operating system the device is running, but for now, we will turn a blind eye and focus only on the results of the 5G tests.

