The ASEC analysis team has reported new malicious Word documents being disguised as news questionnaires released by CNA Singapore. The identified Word documents contain North Korea related content as well as malicious VBA macros.

ASEC dissected the VBA macros, whose code was written in Visual Basic for Applications (VBA) language. ASEC discovered that the macro contains malicious code that can be used to download and execute additional files on the computer running the macro. Furthermore, to avoid detection, the macro deletes any executed file that is related to North Korea or its leaders. The ASEC analysis team has also found out another malicious module which is responsible for retrieving and processing internet URLs.

As a result of this analysis, it is recommended users of Microsoft Office and other software applications update their products with security patches as soon as possible.

ASEC will continue to investigate the North Korea’s cyber capabilities, reporting any significant findings in a timely manner.

‍

Source: Malicious Word document disguised as a news questionnaire - AlienVault - Open Threat Exchange