From Security Week
The Vawtrak banking malware now leverages macros and the Windows PowerShell scripting tool to infect computers, Trend Micro reported on Monday.
Vawtrak, also known as Neverquest and Snifula, has evolved a great deal over the past few months. In September, PhishLabs researchers noticed that cybercriminals had expanded not only the malware’s capabilities, but also the list of targeted financial institutions. The initial Vawtrak attacks primarily targeted banks in Japan.
Until recently, attackers distributed the threat as exploit payloads and with the aid of exploit kits such as Angler. Now they have turned to malicious macros, a technique seen with info-stealers like Dridex and Rovnix.