Malicious Word Document Impersonating U.S. Investment Bank (External Connection + VBA Macro)


The ASEC analysis team is continually reporting malicious documents disguised as North Korea or public institution related materials that are being distributed. In this post, the team will introduce a malicious DOC (Word) document impersonating a U.S. investment bank. See [Figure 1] for more details. The .doc document operates in MAC OS environment and installs a backdoor on the user PC upon being infected.

Read more…