A new multi-stage trojan, “Orcinius,” abuses Dropbox and Google Docs to stage its payloads.
It starts with an Excel spreadsheet whose macro uses ‘VBA stomping’: the readable VBA source is replaced while the compiled p-code that Office actually runs is left intact, so inspecting the source alone shows nothing malicious. When executed, this macro hooks into Windows, enabling the trojan to monitor and capture keystrokes and active windows.
How Orcinius Operates
According to Broadcom reports, Orcinius employs an insidious initial attack vector.
Once the Excel spreadsheet is opened, the embedded VBA macro downloads secondary payloads from Dropbox and Google Docs.
This multi-stage approach helps the malware evade traditional detection methods, since the initial document carries only a downloader rather than the final payload, making it a formidable threat.
Orcinius can hook into the Windows OS to capture sensitive information like keystrokes and active windows, leading to potential data breaches and financial losses for affected users.
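To show what the ‘VBA stomping’ trick described above hides from source-only inspection, here is an added Python example (not code from the article, Broadcom or Symantec): it decompresses a module's VBA source stream as specified in MS-OVBA and flags a module whose compiled section is present but whose readable source declares no procedure. It assumes the caller has already extracted the module stream and its MODULEOFFSET from vbaProject.bin (for instance with olefile); the sample bytes are constructed, and real tools such as olevba and pcodedmp do a fuller comparison of p-code against source.

```python
# Added example (not from the article, Broadcom or Symantec): a minimal MS-OVBA
# source-code decompressor plus a simplified VBA-stomping heuristic; all samples constructed.
import struct

def decompress_stream(container: bytes) -> bytes:
    """Decompress an MS-OVBA CompressedContainer (MS-OVBA section 2.4.1)."""
    if not container or container[0] != 0x01:
        raise ValueError("missing CompressedContainer signature byte 0x01")
    out, pos = bytearray(), 1
    while pos < len(container):
        header = struct.unpack_from("<H", container, pos)[0]     # bits 0-11 size, bit 15 flag
        end = min(len(container), pos + (header & 0x0FFF) + 3)   # size counts the header
        pos, chunk_start = pos + 2, len(out)
        if not header >> 15:                                     # raw chunk: 4096 literal bytes
            out += container[pos:pos + 4096]
            pos += 4096
            continue
        while pos < end:                                         # flag byte then up to 8 tokens
            flags, pos = container[pos], pos + 1
            for bit in range(8):
                if pos >= end:
                    break
                if not (flags >> bit) & 1:                       # literal byte
                    out.append(container[pos])
                    pos += 1
                    continue
                token, pos = struct.unpack_from("<H", container, pos)[0], pos + 2
                # Offset/length split widens as the chunk decodes: ceil(log2(decoded)), min 4
                bits = max((len(out) - chunk_start - 1).bit_length(), 4)
                length = (token & (0xFFFF >> bits)) + 3
                src = len(out) - ((token >> (16 - bits)) + 1)
                for i in range(length):                          # byte-wise: may overlap output
                    out.append(out[src + i])
    return bytes(out)

def stomping_indicator(module_stream: bytes, text_offset: int) -> dict:
    """text_offset is MODULEOFFSET from the dir stream: Office executes the compiled
    PerformanceCache before it; most scanners only read the compressed source after it."""
    source = decompress_stream(module_stream[text_offset:]).decode("latin-1")
    has_procedure = any(kw in source for kw in ("Sub ", "Function "))
    # Compiled code present but no procedure in the readable source is the classic stomping sign
    return {"pcode_bytes": text_offset, "source": source, "has_procedure": has_procedure,
            "suspect_stomping": text_offset > 0 and not has_procedure}

# Constructed samples. SAMPLE_CONTAINER: literals "ABCD", copy token (offset 4, len 4), "XYZ".
SAMPLE_CONTAINER = b"\x01\x09\xb0\x10ABCD\x01\x30XYZ"                 # -> b"ABCDABCDXYZ"
FAKE_PCODE = b"\xcc" * 512                                            # stand-in for opaque p-code
STOMPED_SRC = b'\x01\x19\xb0\x00Attribut\x00e VB_Nam\x00e = "M"'     # 'Attribute VB_Name = "M"'
PLAIN_SRC = b'\x01\x07\xb0\x00Sub A()'                                # 'Sub A()'
```

A stomped module can also carry a benign-looking Sub, which this heuristic misses; comparing the strings in the p-code against the source closes that gap.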
Symantec has identified several indicators of the Orcinius threat, including ISB.Downloader!gen60, ISB.Downloader!gen68, X97M.Zorex, Web.Reputation.1, and WS.Malware.1.
These indicators are crucial for detecting and mitigating Orcinius.
VMware Carbon Black products have also been updated to block and detect associated malicious indicators through existing policies.
The recommended policy includes blocking all types of malware from executing, whether known, suspect, or potentially unwanted programs (PUPs), and delaying execution for cloud scans to fully leverage the VMware Carbon Black Cloud reputation service.
As cyber threats evolve, individuals and organizations must stay vigilant and adopt robust cybersecurity measures.