Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Cybercriminals Use Grammarly to Perfect Phishing Docs: A Hilarious Irony or Just Coincidence?
Threat actors are leveraging the CrowdStrike outage for social engineering, embedding malicious VBA code in Word documents. Remarkably, a custom GrammarlyDocumentId appears in these files. Are cybercriminals using Grammarly for polished phishing? Not quite. It seems they’re just recycling old documents. But hey, even malware…
Hot Take:
So, cybercriminals might be grammar nerds now? Or maybe they’re just recycling old essays for their latest phishing scams. Either way, they’ve got a way with words and malware!
Key Points:
- Discovery of a malicious Word document (.ASD file) using CrowdStrike outage as bait.
- Document metadata reveals the presence of a GrammarlyDocumentId, hinting at Grammarly’s potential involvement.
- Comparison with CrowdStrike’s maldoc shows identical VBA code and fake certificate download.
- Evidence suggests threat actors are quick to react, with the document created shortly after CrowdStrike’s faulty update.
- No solid proof that Grammarly was used to correct texts; could be the result of reusing an old document.
Already a member? Log in here