‘Old Phantom Crypter’ supplants older Microsoft Office exploit builder tools

Out with the old, in with the... Old Phantom Crypter, which despite its name is actually a new Microsoft Office exploit builder that's been surpassing its predecessors in popularity among the cybercriminal community.

Gabor Szappanos, principal malware researcher at SophosLabs, described the ascendance of Old Phantom yesterday in a company blog post, which links to a more detailed technical paper. According to the post, most users of the builder are based in Nigeria and Russia, while the majority of victims (based on Q3 statistics) are located in America and Western Europe.

Old Phantom Crypter first emerged roughly 11 months ago, originating as a PE cryptor before adding the Microsoft Office exploit capabilities as a means to deliver the executable, Szappanos reports.

Over the past year, "The old, established, dominant 'brands' of maldoc builder tools (like Microsoft Word Intruder, Ancalog and AKBuilder) were abandoned," says Szappanos in the blog post, "and these previously dominant builders have been completely wiped out of the ecosystem," replaced by Old Phantom Crypter and several other newcomers.

A .NET executable, the builder "supports a wide selection of Microsoft Office exploits, from the archaic CVE-2010-3333 to the recent CVE-2017-11882 Equation Editor exploit," the blog post states.

Sophos has observed Old Phantom Crypter available on the dark web for a $199 per month subscription. "Additionally, we can estimate the number of customers to be around 100," Szappanos reports.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.