4 comments

[ 3.9 ms ] story [ 21.6 ms ] thread
'Someone is putting lots of work into hacking GitHub developers' only if they use Microsoft Windows as their development platform.
For this campaign. It's reasonable to suggest that there could be similar malware affecting OSX assuming the group have a general target in mind and not something specific to windows using developers...
> each one carried the same malicious .doc file as an attachment (SHA256: 6b9af3290723f081e090cd29113c8755696dca88f06d072dd75bf5560ca9408e). This file contained embedded macro code that executed a commonly observed PowerShell command to download and execute a file.

What versions of Word are vulnerable to this? Or is it a valid macro and technically a feature?

As I recall, Start-Process wouldn't trigger any Windows security prompt (although it might for remote-origin unsigned binaries?).