

Attackers have a new obfuscation technique that uses the OpenDocument file format for sneaking payloads past antivirus software.

Past macro-based attacks have relied on malware hitching a ride with. But researchers at Cisco Talos said that because these attempts are nearly certain to be red flagged by endpoint protection, hackers are turning to the OpenDocument (ODT) format to avoid detection.

“The use of the ODT file format shows that actors are happy to try out different mechanisms of infection, perhaps in an attempt to see if… these documents have a higher rate of infection or are better at avoiding detection,” wrote Cisco Talos researchers Warren Mercer and Paul Rascagneres on Monday.

They said some AV engines and system sandboxes do not handle these ODT file formats with the appropriate method, so they become “missed” in some instances. “There have recently been multiple malware campaigns using this file type that are able to avoid antivirus detection, due to the fact that these engines view ODT files as standard archives and don’t apply the same rules they normally would for an Office document,” they wrote.
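The defensive counterpart to the researchers' point, added here as an example and not code from the article or from Cisco Talos: treat an ODT as the ZIP container it is and look inside it for active content instead of scanning it as a generic archive. The entry names checked (`Basic/` for Basic macro libraries, `Scripts/` for other scripting languages, `Object N/` and `ObjectReplacements/` for embedded objects) follow the layout LibreOffice writes; the sample document is constructed in memory.

```python
import io
import zipfile


def build_sample_odt(with_macro: bool) -> bytes:
    """Constructed minimal ODT: a ZIP whose first entry is the stored 'mimetype'.
    Real documents also carry styles.xml, meta.xml and a full manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        # ODF requires 'mimetype' first and uncompressed so sniffers can read it raw
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text",
                   compress_type=zipfile.ZIP_STORED)
        z.writestr("META-INF/manifest.xml", "<manifest:manifest/>")
        z.writestr("content.xml", "<office:document-content/>")
        if with_macro:
            # Basic macro library container and one module, as LibreOffice stores them
            z.writestr("Basic/script-lc.xml", "<library:libraries/>")
            z.writestr("Basic/Standard/Module1.xml", "Sub Main\nEnd Sub")
    return buf.getvalue()


def triage_odt(data: bytes) -> dict:
    """Classify an ODT the way an Office-aware scanner should: confirm it is an
    OpenDocument container, then list every entry that can carry active content."""
    findings = {"is_odf": False, "macros": [], "scripts": [], "embedded_objects": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "mimetype" in names:
            mt = z.read("mimetype").decode("ascii", "replace")
            findings["is_odf"] = mt.startswith("application/vnd.oasis.opendocument")
        for name in names:
            if name.startswith("Basic/"):
                findings["macros"].append(name)
            elif name.startswith("Scripts/"):
                findings["scripts"].append(name)
            elif name.startswith("Object ") or name.startswith("ObjectReplacements/"):
                findings["embedded_objects"].append(name)
    # A text document that ships macros, scripts or embedded objects deserves the
    # same scrutiny a macro-bearing Office file would get, not archive handling.
    findings["suspicious"] = bool(
        findings["macros"] or findings["scripts"] or findings["embedded_objects"]
    )
    return findings


if __name__ == "__main__":
    for flag in (False, True):
        print(triage_odt(build_sample_odt(flag)))
```

A mail gateway or sandbox rule can route any document where `suspicious` is true into the same analysis path as a macro-enabled Office file, regardless of the archive-looking extension.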
