HIT-and-RUN Info Stealer Research (Non-Persistent)
- emmanuellws
- Oct 19, 2017
- 1 min read
Recently we have heard about the DDE feature in Microsoft Office documents and how hackers might compromise users' computers with Trojans, RATs and ransomware. However, I still favor macros, as they are still the simplest thing ever, and the notification message is much simpler and less destructive compared to the one shown by DDE. Most hackers will probably still stick with the macro technique to deploy malware, RATs and ransomware.

In my recent research, I found some ways to bypass any type of antivirus, and this technique might already be in use by some hackers out there. However, this method will never give persistent access, as it is more of a HIT-and-RUN kind of attack. The code in it is pretty much "INNOCENT". There is a saying that there is no way to tell whether a "copy-and-paste" activity is malicious or not. What more can you expect when all the tools and commands used are built into Windows itself? Antivirus really has a problem telling whether such an "innocent" action is malicious or not.

In my demo I will show how the special macro that I programmed steals browser passwords and uploads the data using the built-in Windows FTP tool. I tested this macro on another computer with Kaspersky on it during the development stage, and Kaspersky did not catch anything either. This is sad, and detection should include "non-malicious" command lines. VoodooShield is good at detecting the FTP tool... but I worked around it and it failed to detect it... sad :-( Stay tuned for my video demo on this! :-)
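The post's closing point, that detection has to cover "non-malicious" command lines, is what a process-ancestry rule does: ftp.exe on its own is benign, but ftp.exe (or cmd.exe) launched by an Office application is the pattern a macro-driven HIT-and-RUN leaves behind. The following is an added example written for this page, not code from the author or the post; the log format, the sample events, and the lists of Office parents and built-in child tools are all constructed assumptions for illustration, and real telemetry (Sysmon process-creation events, EDR logs) carries the same parent/image/command-line fields under its own names.

```python
"""
Added example (not part of the original post): flag built-in Windows tools
that are launched by an Office application, the parent/child pattern a
macro-driven ftp.exe upload produces.

Log format below is a constructed, simplified "parent | image | command_line"
line per process-creation event; the parent and child lists are assumptions
chosen for this example and are not exhaustive.
"""
from dataclasses import dataclass
from typing import List, Optional

# Assumption: Office hosts that should not normally spawn command-line tooling.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Assumption: built-in binaries that are "innocent" alone but suspicious as
# children of an Office process. ftp.exe is the tool the post names.
LOLBIN_CHILDREN = {"ftp.exe", "cmd.exe", "powershell.exe", "certutil.exe", "bitsadmin.exe"}


@dataclass
class Alert:
    parent: str
    image: str
    command_line: str
    severity: str
    reason: str


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse_event(parent: str, image: str, command_line: str) -> Optional[Alert]:
    """Return an Alert when an Office parent spawns a built-in tool, else None."""
    p, i = _basename(parent), _basename(image)
    if p not in OFFICE_PARENTS or i not in LOLBIN_CHILDREN:
        return None
    severity = "medium"
    reason = f"Office process {p} spawned built-in tool {i}"
    if i == "ftp.exe" and "-s:" in command_line.lower():
        # ftp.exe -s:<file> runs a scripted, non-interactive transfer, which is
        # the hands-off behaviour a macro needs; escalate accordingly.
        severity = "high"
        reason = "Scripted (non-interactive) ftp.exe launched from an Office process"
    return Alert(p, i, command_line, severity, reason)


def analyse_log(lines) -> List[Alert]:
    """Run analyse_event over 'parent | image | command_line' lines."""
    alerts = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parent, image, cmd = (f.strip() for f in line.split("|", 2))
        alert = analyse_event(parent, image, cmd)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample events (not real telemetry). Only lines 2 and 3 should fire.
SAMPLE_LOG = r"""
# parent_image | image | command_line
C:\Windows\explorer.exe | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | "WINWORD.EXE" /n invoice.docm
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | C:\Windows\System32\cmd.exe | cmd.exe /c echo hello
C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | C:\Windows\System32\ftp.exe | ftp.exe -s:C:\Users\alice\AppData\Local\Temp\up.txt
C:\Windows\System32\cmd.exe | C:\Windows\System32\ftp.exe | ftp.exe -s:C:\Users\alice\AppData\Local\Temp\up.txt
C:\Windows\explorer.exe | C:\Windows\System32\ftp.exe | ftp.exe
"""

if __name__ == "__main__":
    for a in analyse_log(SAMPLE_LOG.splitlines()):
        print(f"[{a.severity.upper()}] {a.reason}: {a.command_line}")
```

The rule deliberately ignores what the child binary is called "in general" and keys only on who launched it, which is why the same ftp.exe invocation from cmd.exe or Explorer in the sample is left alone; in production the parent list should be fed from the Office install paths actually deployed rather than hard-coded names.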