Dropbox Strikes Back Against Bartalex Macro Malware Phishers

[Aerosol]

Dropbox strikes back against Bartalex macro malware phishers

Dropbox has struck back against a hacker group using its cloud storage services to store and spread the Bartalex macro malware.

Trend Micro fraud analyst Christopher Talampas reported uncovering the campaign while investigating attacks targeting the Automated Clearing House (ACH) network used by many businesses for electronic funds transfers in the US on Tuesday.

A Dropbox spokesperson later told V3 that the firm is aware of the campaign and has already taken action against the hackers.

"We're aware of the issue and have already revoked the ability for accounts involved to share links since they've violated our Acceptable Use Policy," said the spokesperson.

"We act quickly in response to abuse reports submitted to abuse@dropbox.com, and are constantly improving how we detect and prevent Dropbox users from sharing spam, malware or phishing links."

The use of Dropbox links containing the Bartalex macro malware reportedly makes the campaign particularly dangerous.

"Instead of attachments, the message this time bore a link to ‘view the full details'. By hovering over the URL we can see that it redirects to a Dropbox link with a file name related to the supposed ACH transaction," read Trend Micro in an advisory.

"The URL leads to a Dropbox page that contains specific instructions (and an almost convincing) Microsoft Office warning that instructs users to enable the macros.

"Upon enabling the macro, the malicious document then triggers the download of the banking malware."

Trend Micro reported uncovering at least 1,000 malicious Dropbox links hosting the malware during the campaigns peak.

It is unclear how successful the campaign has been, although Trend Micro said that the malware has been used to target big name financial institutions including JP Morgan.

Trend Micro cited the use of macro malware as a sign that criminals are rehashing old tricks in a bid to get round more modern system defences.

"Macro malware like Bartalex is seemingly more prominent than ever, which is an indicator that old threats are still effective infection vectors on systems today," read the advisory.

"And they seem to be adapting: they are now being hosted in legitimate services like Dropbox and, with the recent outbreak, macro malware may continue to threaten more businesses in the future."

Macro malware is a threat that afflicted older versions of Windows. Microsoft ended the threat with Office XP in 2001 when it tweaked its systems to request user permission before executing macros script in embedded files.

Macros are code scripts containing commands for automating tasks that are used in numerous applications.

The discovery follows a reported boom in phishing levels. Research from Verizon earlier in April showed that a staggering one in four phishing scams currently result in success.

Source