Rubella Macro Builder Crimeware Kit gains popularity on cybercrime underground
27.4.2018 securityaffairs CyberCrime
A new crimeware kit dubbed the Rubella Macro Builder is rapidly gaining popularity in the cybercriminal underground, and experts have already spotted its malware in the wild.
A new crimeware kit dubbed the Rubella Macro Builder is rapidly gaining popularity in the cybercriminal underground. The Rubella Macro Builder allows crooks to generate a malicious payload for social-engineering spam campaigns; its authors are offering it as a service, with a three-month license costing $120.
According to Flashpoint researchers, Rubella is not particularly sophisticated: the builder is used to create weaponized Microsoft Word or Excel documents for use in spam email. The Rubella-generated malware acts as a first-stage loader for other malware.
The Rubella Macro Builder is cheap, fast and easy to use, and the malware it generates can evade antivirus detection.
According to Flashpoint experts, even well-established criminal gangs are using Rubella malware in their campaigns, for example the crews behind the Panda and Gootkit banking malware.
“The macro junk and substitution method appears to be relatively primitive, relying on basic string substitutions. Additionally, its copy/paste implementation of the Base64 algorithm is displayed in Visual Basic Script (VBS) code implementation. The code is obfuscated through general Chr ASCII values,” continues the analysis.
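The Chr-based obfuscation described in the quote is simple enough to undo mechanically during triage. The following Python helper is an added example written for this page, not code from Flashpoint or from the Rubella kit: it collapses `Chr(n) & Chr(n) ...` chains in a macro's source back into plain string literals, counts how many Chr calls the macro used, and flags the sample when the count is high or an auto-executing procedure name is present. The macro text it runs on is constructed for the example, and the threshold of ten Chr calls is an arbitrary assumption a real deployment would tune.

```python
"""Triage helper for VBA macros that hide strings behind Chr() chains.

Added example for this page; not code from the Rubella kit or from Flashpoint.
"""
import re

# One Chr call, allowing the Chr$, ChrW and plain Chr spellings (all real VBA
# functions) and arbitrary whitespace around the character code.
_CHR_CALL = r'Chr[W$]?\s*\(\s*(\d+)\s*\)'

# A chain of Chr calls joined with the VBA concatenation operator '&'.
_CHR_CHAIN = re.compile(rf'{_CHR_CALL}(?:\s*&\s*{_CHR_CALL})*')

# Procedure names VBA runs automatically when a document is opened; these are
# well-known VBA entry points, listed here for triage scoring.
AUTO_EXEC_NAMES = ("AutoOpen", "Document_Open", "Auto_Open", "Workbook_Open")

# Assumed threshold: macros with at least this many Chr calls get flagged.
CHR_CALL_THRESHOLD = 10

# Constructed sample macro (not a real Rubella artifact). The first chain
# spells "Shell"; the second spells the placeholder URL "http://example.invalid".
SAMPLE_MACRO = """Sub AutoOpen()
    Dim a As String
    a = Chr(83) & Chr(104) & Chr(101) & Chr(108) & Chr(108)
    Dim u As String
    u = Chr$(104) & Chr$(116) & Chr$(116) & Chr$(112) & Chr$(58) & Chr$(47) & Chr$(47) & Chr$(101) & Chr$(120) & Chr$(97) & Chr$(109) & Chr$(112) & Chr$(108) & Chr$(101) & Chr$(46) & Chr$(105) & Chr$(110) & Chr$(118) & Chr$(97) & Chr$(108) & Chr$(105) & Chr$(100)
End Sub"""


def count_chr_calls(vba_source: str) -> int:
    """Return how many Chr/Chr$/ChrW calls appear in the macro source."""
    return len(re.findall(_CHR_CALL, vba_source))


def decode_chr_chains(vba_source: str) -> str:
    """Replace every Chr() concatenation with the VBA string literal it builds."""
    def _expand(match: re.Match) -> str:
        # The matched text contains only Chr calls, so every digit run is a code.
        codes = re.findall(r'\d+', match.group(0))
        text = ''.join(chr(int(code)) for code in codes)
        # VBA escapes a double quote inside a literal by doubling it.
        return '"' + text.replace('"', '""') + '"'
    return _CHR_CHAIN.sub(_expand, vba_source)


def triage(vba_source: str) -> dict:
    """Decode the macro and return a small verdict record for an analyst."""
    chr_calls = count_chr_calls(vba_source)
    auto_exec = [name for name in AUTO_EXEC_NAMES if name in vba_source]
    return {
        "chr_calls": chr_calls,
        "auto_exec": auto_exec,
        "decoded": decode_chr_chains(vba_source),
        "suspicious": chr_calls >= CHR_CALL_THRESHOLD or bool(auto_exec),
    }


if __name__ == "__main__":
    verdict = triage(SAMPLE_MACRO)
    print(f"Chr calls: {verdict['chr_calls']}, auto-exec: {verdict['auto_exec']}")
    print("Suspicious:", verdict["suspicious"])
    print(verdict["decoded"])
```

The decoded source is what an analyst would read or feed to string-based signatures; since the obfuscation relies only on the Chr substitution the analysis describes, resolving the chains recovers the literals the macro actually uses at runtime.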
Crooks continue to use weaponized documents in their campaigns, and builders for Microsoft Office-based loader malware are a precious commodity in the underground.
Flashpoint also published the indicators of compromise (IOCs) for the Rubella Macro Builder in its report.