Malicious Microsoft Office Document Creation Tool Discovered on the Darknet
Security researchers from Flashpoint have discovered a tool on the darknet that automatically creates Microsoft Office documents with embedded malicious macros. The program, named Rubella Macro Builder, generates loaders capable of infecting a victim’s computer with banking trojans.
“Malware created with Rubella is typically distributed via Microsoft Word or Excel attachments in emails, acting as a loader in the initial stage of infection. It downloads additional malware onto the victim’s computer. The tool does not exploit any vulnerabilities, instead relying on social engineering techniques to trick victims into enabling the malicious macro,” the experts noted.
According to the researchers, the tool first appeared on one of the most popular Russian-language hacker forums in February of this year. It was initially priced at $500 for a month of use, but in April the price was reduced to $120 for a three-month subscription.
Rubella Macro Builder offers various encryption algorithms, several methods for downloading and executing additional malicious code, and the ability to generate documents with different lures.