Researchers from Broadcom have recently discovered a new multi-stage Trojan named Orcinius, which utilizes popular cloud services like Dropbox and Google Docs to carry out its attacks.
The infection starts with an apparently harmless Excel file containing a VBA macro obfuscated with the VBA Stomping technique (the macro's source text is replaced while the compiled p-code that Office actually executes is left intact, so scanners that inspect only the source see innocuous code). When the file is opened, the macro installs the Trojan on the Windows host, which then records keystrokes and tracks the active window.
The researchers highlight the initial vector: opening the Excel file runs the VBA macro, which then downloads additional malicious components from Dropbox and Google Docs. Splitting the attack into stages hosted on trusted cloud services lets the Trojan evade traditional detection methods and puts a large number of users at risk.
Orcinius’s ability to embed itself in Windows and capture confidential information such as keystrokes and active window titles heightens the risk, with potentially severe data breaches and financial losses as the result.
Broadcom researchers have identified Indicators of Compromise (IOCs) and provided them in their report. Security teams are advised to add these IOCs to their block lists to protect their organizations’ employees.
Multi-stage attack techniques such as those used by Orcinius underscore the importance of keeping antivirus software up to date and training security staff. Robust protective controls combined with active monitoring for the published IOCs help prevent data breaches and financial losses.
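The two behaviours the article describes, an Office process fetching further stages from Dropbox and Google Docs and the IOC block list the report supplies, can be turned into a small detection. The script below is an added example and is not code from the article or from Broadcom. It runs two rules over constructed Sysmon-style JSON events: the event schema, the sample host names and the IOC values are assumptions (the IOCs are visible placeholders; the real ones come from the Broadcom report).

```python
"""Detection sketch for Orcinius-style staging behaviour (added example).

Rule 1: an Office process opening a network connection to a cloud storage
service (Dropbox / Google Docs), the staging behaviour the article describes.
Rule 2: any event whose destination host or image hash matches an IOC list.
Log format, sample events and IOC values are constructed for this example.
"""
import json
from dataclasses import dataclass

OFFICE_PROCESSES = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Cloud services the article names as Orcinius staging locations.
CLOUD_STAGING_DOMAINS = (
    "dropbox.com",
    "dropboxusercontent.com",
    "docs.google.com",
    "drive.google.com",
)

# PLACEHOLDER indicators, constructed for this example. Replace them with
# the values published in the Broadcom report.
IOC_DOMAINS = {"placeholder-c2.example"}
IOC_SHA256 = {"0" * 64}


@dataclass(frozen=True)
class Finding:
    rule: str      # which rule fired
    process: str   # image name of the process involved
    detail: str    # host or hash that matched


def host_matches(host: str, domains) -> bool:
    """Label-wise suffix match: 'www.dropbox.com' matches 'dropbox.com',
    'notdropbox.com' does not."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def image_name(path: str) -> str:
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse(events, ioc_domains=IOC_DOMAINS, ioc_sha256=IOC_SHA256):
    """Apply both rules to a list of event dicts; return the findings in order."""
    findings = []
    for ev in events:
        proc = image_name(ev.get("image", ""))
        if ev.get("event") == "network_connect":
            host = ev.get("dest_host", "")
            if host_matches(host, ioc_domains):
                findings.append(Finding("ioc_domain", proc, host))
            elif proc in OFFICE_PROCESSES and host_matches(host, CLOUD_STAGING_DOMAINS):
                findings.append(Finding("office_to_cloud_storage", proc, host))
        elif ev.get("event") == "process_create":
            digest = ev.get("sha256", "").lower()
            if digest in ioc_sha256:
                findings.append(Finding("ioc_hash", proc, digest))
    return findings


def load_events(text: str):
    """Parse JSON-lines log text, ignoring blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed sample log: a browser reaching Google Docs is benign, Excel
# reaching Dropbox / Google Docs is the behaviour described in the article.
SAMPLE_LOG = r"""
{"event": "process_create", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "sha256": "a1b2c3d4"}
{"event": "network_connect", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "dest_host": "update.example.com"}
{"event": "network_connect", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "dest_host": "docs.google.com"}
{"event": "network_connect", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "dest_host": "dl.dropboxusercontent.com"}
{"event": "network_connect", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "dest_host": "docs.google.com"}
{"event": "process_create", "image": "C:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe", "sha256": "0000000000000000000000000000000000000000000000000000000000000000"}
{"event": "network_connect", "image": "C:\\Windows\\System32\\svchost.exe", "dest_host": "placeholder-c2.example"}
"""


def run_sample():
    """Run the rules over the constructed sample log."""
    return analyse(load_events(SAMPLE_LOG))


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.rule}] {f.process} -> {f.detail}")
```

The first rule is deliberately narrow: browsers and sync clients talk to these services all day, so only Office processes are flagged, and the match is on the domain suffix so that look-alike hosts do not slip through. Feed real Sysmon Event ID 1 and 3 records into `analyse` after mapping their fields to the `image`, `dest_host` and `sha256` keys used here.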