Fileless malware evolves, is now harder to detect

Dec 15, 2015 05:05 GMT  ·  By

Security researchers from Intel Security (formerly known as McAfee) have compiled their regular online threats report, showing the most aggressive and widespread malware types that have targeted users in the last month.

According to their report, they've detected a rise in two types of malicious campaigns: one using macro-based malware, and one using fileless, in-memory malware.

Macro malware

Macro malware is a very old type of malware that first arrived on the scene back in the '90s. A macro is a recorded set of operations that can be triggered by the push of a button.

Macros are commonly used in enterprise software, where employees can automate repetitive tasks. In recent years, office software has given macros more wide-reaching access to computers, allowing them to interact with more low-level PC features, not just the office software itself.

For this reason, macro-based malware has resurfaced in recent years like never before, spread most of the time via weaponized Word documents.

These documents are delivered to victims via spear phishing or spam campaigns, and once opened, users are asked to turn on macros support. Once this happens, the malware automatically executes, compromising the user's PC.
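The infection chain above starts with a document that carries a VBA project, so one cheap defensive check is to flag such attachments before they reach a user. The following is an added example (not code from the article or from Intel Security) that classifies an Office file by inspecting its container: modern OOXML documents are ZIP packages in which a VBA project is stored as a part named vbaProject.bin and declared in the content-types manifest, while legacy binary documents start with the OLE2 magic bytes and would need a full OLE parser to inspect. The sample documents are constructed in memory; the part name, content type and magic bytes are standard format details, but the function and sample names are this example's own.

```python
"""Flag Office documents that carry VBA macros (added example, not from the article).

Assumptions (format facts, not taken from the Intel Security report):
  * OOXML files (.docx/.docm/.xlsm/...) are ZIP containers; a VBA project is
    stored as a part named vbaProject.bin (usually word/vbaProject.bin) and
    declared in [Content_Types].xml with the vbaProject content type.
  * Legacy binary Office files (.doc/.xls) start with the OLE2 magic bytes;
    they can hold macros too, but need a full OLE parser to say for sure,
    so they are reported as needing deeper inspection.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
VBA_PART = "vbaproject.bin"
MACRO_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def classify_office_file(data: bytes) -> str:
    """Return 'macro', 'no-macro', 'legacy-binary' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-binary"
    if not data.startswith(b"PK\x03\x04"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" not in names:
                return "not-office"
            # First check: a vbaProject.bin part anywhere in the package.
            if any(n.lower().rsplit("/", 1)[-1] == VBA_PART for n in names):
                return "macro"
            # Second check: the manifest declares a VBA part even if the
            # part itself was renamed to something less obvious.
            if MACRO_CONTENT_TYPE in zf.read("[Content_Types].xml"):
                return "macro"
            return "no-macro"
    except zipfile.BadZipFile:
        return "not-office"


def _build_docx(with_macro: bool) -> bytes:
    """Construct a minimal OOXML package in memory (sample input for the demo)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = (b'<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/'
              b'package/2006/content-types">'
              b'<Default Extension="xml" ContentType="application/xml"/>')
        if with_macro:
            ct += (b'<Override PartName="/word/vbaProject.bin" '
                   b'ContentType="application/vnd.ms-office.vbaProject"/>')
        ct += b"</Types>"
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", b"<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a real VBA project stream.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("clean document", _build_docx(False)),
        ("macro document", _build_docx(True)),
        ("legacy binary", OLE2_MAGIC + b"\x00" * 16),
        ("plain text", b"hello"),
    ]
    for label, sample in samples:
        print(f"{label}: {classify_office_file(sample)}")
```

A mail gateway or endpoint scanner would feed the raw attachment bytes to `classify_office_file` and quarantine or sandbox anything returning `macro` or `legacy-binary`; the two-step check matters because a package can keep a VBA project under a different part name while the manifest still has to declare its content type for Office to load it.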

According to Intel Security, office-based macro threats are at their highest level in the last six years.

Fileless malware

On the same rising trend we find fileless malware, which seems to have evolved and is now truly fileless, in the real meaning of the word.

While in-memory (fileless) malware has been around for years, just like macro malware, it wasn't entirely 100% fileless, always leaving a binary somewhere behind on the hard drive that was easy for antivirus solutions to pick up.

According to Intel Security, recent fileless malware versions seem to have found a way around this issue, and are now much harder to detect, working entirely in a PC's RAM.

Some of the most recently observed fileless threats include malware families like Kovter, Powelike, and XswKit. The numbers aren't as high as for macro-based malware, but they aren't so low that they can be ignored either.

[Image gallery: November malware landscape (6 images): Macro malware returns; Macro malware infections by quarters; Macro malware infections by country]