Hackers are using a new, malleable malicious document builder to run their criminal schemes, according to Intel 471 research published Tuesday.
The document builder, known as EtterSilent, has been advertised in a Russian cybercrime forum and comes in two versions, according to the research. One exploits a vulnerability in Microsoft Office, CVE-2017-8570, and one uses a malicious macro.
One version of EtterSilent imitates the digital signature product DocuSign, though when targets click through to electronically sign documents, they are prompted to enable macros. This allows the attackers to target victims with malware.