Gootkit

Russian hackers have taken a shine to a new cybercrimeware kit called Rubella Macro Builder that is being touted as fast, cheap and capable of beating a basic antivirus defensive system.

The kit first came on the scene in February, when it was spotted being rented for about $550 per month, according to Flashpoint researchers Vitali Kremez, Amina Bashir and Paul Burbage. Lately, however, there have been some major changes to the price and to the malware's capabilities. The kit acts as a first-stage loader and uses Microsoft Office and Excel email attachments to spread the Panda and GootKit banking trojans. It does not exploit any system vulnerabilities; instead it relies on social engineering to convince the victim to open the malicious attachments.

Flashpoint noted that, as of April, the price has been reduced to $120 for a three-month lease, even as its capabilities have been improved.

“They also come with enhanced features including various encryption algorithm choices (XOR and Base64), download methods (PowerShell, Bitsadmin, Microsoft.XMLHTTP, MSXML2.XMLHTTP, custom PowerShell payload), payload execution methods (executable, JavaScript, Visual Basic Script), and the ability to easily deploy social engineering decoy themes with an Enable Content feature turned on to run the macro,” researchers said.

As with any email-based attack, the best defense is not to open unknown email attachments and not to enable macros to run.
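Because the loader depends entirely on the user clicking Enable Content, the macro policy itself is the control that matters. The following PowerShell is an added example written for this article, not code from Flashpoint or the kit's authors; it enforces a block-all macro policy for the current user and blocks macros in files that arrived from the internet or as email attachments. It assumes an Office 2016/2019/365 installation (registry version key `16.0`) and a Word/Excel/PowerPoint application set; both are parameters and can be adjusted.

```powershell
# Added example (not from the article): harden Office macro settings for the
# current user so a Rubella-style document cannot run its macro even if the
# recipient is persuaded to click "Enable Content".
# Assumptions: Office 16.0 registry layout; apps listed below are installed.
function Set-OfficeMacroPolicy {
    param(
        [string]   $OfficeVersion = '16.0',
        [string[]] $Apps = @('Word', 'Excel', 'PowerPoint'),
        [switch]   $AuditOnly
    )

    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"

        if (-not $AuditOnly) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            # VBAWarnings: 1 = enable all, 2 = disable with notification (default),
            # 3 = disable except digitally signed, 4 = disable all without notification.
            Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 4 -Type DWord
            # Block macros in files carrying the Mark-of-the-Web (downloads, mail attachments).
            Set-ItemProperty -Path $key -Name 'BlockContentExecutionFromInternet' -Value 1 -Type DWord
        }

        # Report the effective policy values so the result can be verified or logged.
        $props = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
        [pscustomobject]@{
            App                               = $app
            VBAWarnings                       = $props.VBAWarnings
            BlockContentExecutionFromInternet = $props.BlockContentExecutionFromInternet
            Compliant                         = ($props.VBAWarnings -eq 4 -and
                                                 $props.BlockContentExecutionFromInternet -eq 1)
        }
    }
}

# Apply the policy and show the resulting state; use -AuditOnly to only check.
Set-OfficeMacroPolicy | Format-Table -AutoSize
```

Setting `VBAWarnings` to 4 removes the Enable Content prompt entirely, which is the decoy the kit relies on; if signed internal macros are required, value 3 keeps those working while still blocking unsigned attachment macros. For fleet-wide enforcement the same values are normally delivered through Group Policy rather than per-user registry writes, and the `-AuditOnly` path is useful for a scheduled compliance check.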