Cybercriminals Use Grammarly to Perfect Phishing Docs: A Hilarious Irony or Just Coincidence?
Threat actors are leveraging the CrowdStrike outage for social engineering, embedding malicious VBA code in Word documents. Remarkably, a custom GrammarlyDocumentId appears in these files. Are cybercriminals using Grammarly for polished phishing? Not quite. It seems they’re just recycling old documents. But hey, even malware…

Hot Take:
So, cybercriminals might be grammar nerds now? Or maybe they’re just recycling old essays for their latest phishing scams. Either way, they’ve got a way with words and malware!
Key Points:
- Discovery of a malicious Word document (.ASD file) using CrowdStrike outage as bait.
- Document metadata reveals the presence of a GrammarlyDocumentId, hinting at Grammarly’s potential involvement.
- Comparison with CrowdStrike’s maldoc shows identical VBA code and fake certificate download.
- Evidence suggests threat actors are quick to react, with the document created shortly after CrowdStrike’s faulty update.
- No solid proof that Grammarly was used to correct texts; could be the result of reusing an old document.
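A triage sketch for the two metadata observations above (the `GrammarlyDocumentId` custom property and how soon after an event the document was created), added here as an example and not taken from the original analysis. It assumes the sample is an OOXML container (.docx/.docm) rather than the .ASD file the page mentions, and every sample value and the reference time are constructed.

```python
import io, zipfile
import xml.etree.ElementTree as ET  # for untrusted samples, defusedxml is the safer parser
from datetime import datetime, timezone

CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
OP = "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"
VT = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"
NS = {"op": OP, "dcterms": "http://purl.org/dc/terms/"}

def triage_ooxml(data, reference_time):
    """Custom properties, macro presence and creation delay of an OOXML file."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        custom, created = {}, None
        if "docProps/custom.xml" in names:
            root = ET.fromstring(z.read("docProps/custom.xml"))
            for prop in root.findall("op:property", NS):
                # each <property> wraps one typed value such as <vt:lpwstr>
                custom[prop.get("name")] = prop[0].text if len(prop) else None
        if "docProps/core.xml" in names:
            node = ET.fromstring(z.read("docProps/core.xml")).find("dcterms:created", NS)
            if node is not None and node.text:
                created = datetime.fromisoformat(node.text.replace("Z", "+00:00"))
    delay = None if created is None else (created - reference_time).total_seconds() / 3600
    return {"custom_properties": custom,
            "has_grammarly_id": "GrammarlyDocumentId" in custom,
            "has_vba_project": any(n.endswith("vbaProject.bin") for n in names),
            "hours_after_reference": delay}

def build_sample():
    """Constructed sample; every value here is made up, none comes from the page."""
    custom = (f'<Properties xmlns="{OP}" xmlns:vt="{VT}">'
              '<property fmtid="{D5CDD505-2E9C-101B-9397-08002B2CF9AE}" pid="2" '
              'name="GrammarlyDocumentId"><vt:lpwstr>CONSTRUCTED-ID-0001</vt:lpwstr>'
              '</property></Properties>')
    core = (f'<cp:coreProperties xmlns:cp="{CP}" xmlns:dcterms="http://purl.org/dc/terms/">'
            '<dcterms:created>2000-01-02T06:00:00Z</dcterms:created></cp:coreProperties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/custom.xml", custom)
        z.writestr("docProps/core.xml", core)
        z.writestr("word/vbaProject.bin", b"")  # empty stand-in, contains no macro code
    return buf.getvalue()

REFERENCE = datetime(2000, 1, 1, tzinfo=timezone.utc)  # constructed reference event time
if __name__ == "__main__":
    print(triage_ooxml(build_sample(), REFERENCE))
```

A `GrammarlyDocumentId` hit only shows that the file, or an ancestor of it, was once open in Word with the Grammarly add-in, which fits the page's point that it may come from a reused document.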
