"Emerging Hacking Tool 'EtterSilent' Mimics DocuSign, Researchers Find"

Security researchers at the threat intelligence company Intel 471 published a blog post discussing a malicious document builder known as EtterSilent that is growing in popularity among cybercriminals. Two versions of the maldoc builder have been seen being advertised in a Russian cybercrime forum. According to the researchers, one version exploits a vulnerability in Microsoft Office, while the other one uses a malicious macro. One version of EtterSilent mimics the digital signature product DocuSign. Targets are prompted to enable macros when they click through to sign documents electronically, allowing attackers to deliver malware. The maldoc builder has been designed to hide operators' activities. The researchers have observed that the developer constantly updates the hacking tool to evade detection as it gains more attention. EtterSilent was included in a recent campaign that dropped an updated version of the banking trojan TrickBot. Other cybercriminal groups have leveraged EtterSilent in their campaigns involving banking trojans such as BokBot, Gozi ISFB, and QBot. This article continues to discuss the use of EtterSilent maldoc builder by hackers to run criminal schemes and why the tool may be of interest to the US government. 

CyberScoop reports "Emerging Hacking Tool 'EtterSilent' Mimics DocuSign, Researchers Find"