Because Microsoft has disabled Office macros in documents downloaded from the Internet, attackers have shifted to other vectors, including JavaScript, MSI files, LNK objects, and ISOs.
Some sophisticated attackers are now using other undisclosed methods to go unnoticed.
Elastic security researchers have spotted a new kind of infection, dubbed “GrimResource,” that uses MSC files to run code inside mmc.exe when a user interacts with a modified file.
VirusTotal discovered this technique for the first time on June 6th, reflecting the continuing evolution of malware delivery mechanisms in response to enhanced security features.
Technical Analysis
The GrimResource technique exploits an ancient XSS vulnerability in the apds.dll library, allowing arbitrary JavaScript execution within mmc.exe upon opening specially crafted MSC…
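A defender-side triage check for the behaviour described above, as an added example (not code from Elastic or from this article): it flags any place in an MSC file that references apds.dll. The sample console document, its element layout, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NEEDLE = "apds.dll"  # library named in the article

# Constructed sample: a minimal console document with a placeholder string.
SAMPLE = b"""<?xml version="1.0"?>
<MMC_ConsoleFile ConsoleVersion="3.0">
  <StringTables><StringTable><Strings>
    <String ID="1" Refs="1">Favorites</String>
    <String ID="2" Refs="1">CONSTRUCTED-PLACEHOLDER reference to APDS.DLL</String>
  </Strings></StringTable></StringTables>
</MMC_ConsoleFile>"""

def decode(data: bytes) -> str:
    """Decode MSC bytes; handle a UTF-16 byte order mark as well as UTF-8."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8-sig", errors="replace")

def scan_msc(data: bytes) -> list:
    """Return one finding per place where the document references apds.dll."""
    text = decode(data)
    lowered = text.lower()
    if NEEDLE not in lowered:
        return []
    findings = []
    # A console file has no reason to carry a DTD; skip XML parsing if one is
    # present so the scanner itself cannot be driven into entity expansion.
    if "<!doctype" not in lowered:
        try:
            root = ET.fromstring(text)
        except ET.ParseError:
            root = None
        for elem in (root.iter() if root is not None else ()):
            fields = [("text", elem.text or "")]
            fields += [("@" + k, v) for k, v in elem.attrib.items()]
            for where, value in fields:
                if NEEDLE in value.lower():
                    findings.append({"element": elem.tag, "id": elem.get("ID"),
                                     "where": where, "value": value.strip()})
    if not findings:
        # Needle present but outside parsed text/attributes, or file unparseable.
        findings.append({"element": None, "id": None, "where": "raw", "value": NEEDLE})
    return findings

if __name__ == "__main__":
    for finding in scan_msc(SAMPLE):
        print(finding)
```

A hit is a reason to inspect the file, not a verdict; the raw fallback exists so that malformed or DTD-bearing files are still surfaced rather than silently skipped.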