
‘IOU Enclosed’ Macro Malware Email

by Brett M. Christensen

According to this email, you can check an IOU document by opening an attached Microsoft Word file.  

The email includes “File Access Credentials” that you will supposedly need to open the document.

The message looks like this:

From: [name removed]

Please check the IOU enclosed with this email. The Transaction should appear in 8 hours.

File Access Credentials: 213Neft

Best regards

[Name Removed]

However, the email is not a legitimate invoice message. Instead, it is an attempt by online criminals to trick you into installing malware on your computer.

If you attempt to open the attached Microsoft Word document, you will be prompted to enter the file access password supplied in the message:

[Image: Macro malware password prompt]

The supposed password requirement may help the malware bypass some automated computer security “sandbox” systems. Because a person must type the password before the document opens, automated sandboxing technologies that cannot supply it may be unable to analyse the file.

And, the need to enter a password to access the document may fool some recipients into thinking that the document is secured and thus more likely to be legitimate. In reality, including a password in the same email that carries the supposedly secured document would be pointless. Any viewer of the email could see and use the password, so the “password protected” document would be no more secure than a document with no password at all. Nevertheless, a busy or inexperienced recipient may be lulled by the semblance of security implied by the password’s inclusion.
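The same trick gives mail filters something to look for: an encrypted Office attachment whose password travels in the same message. The following Python example is an addition to this article, not part of the original; the keyword list, function names, filename and stub attachment are assumptions, and the check only covers the newer Office file encryption, where the file is an OLE container holding an `EncryptedPackage` stream.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # OLE compound file header
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")  # stream name in encrypted OOXML
# Assumed keyword list; tune it for your own mail flow.
PASSWORD_HINT = re.compile(r"(?i)(password|passcode|credentials?)\s*:\s*(\S+)")


def is_encrypted_ooxml(data: bytes) -> bool:
    """Heuristic: encrypted .docx/.docm files are OLE containers, not ZIPs."""
    return data.startswith(OLE_MAGIC) and ENC_STREAM in data


def triage(raw: bytes) -> list:
    """Return one finding per encrypted attachment whose password is in the body."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    hint = PASSWORD_HINT.search(body.get_content() if body else "")
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if hint and is_encrypted_ooxml(data):
            findings.append({"file": part.get_filename(), "password": hint.group(2)})
    return findings


def build_sample(body: str, attachment: bytes) -> bytes:
    """Constructed test message; the filename is made up for this example."""
    m = EmailMessage()
    m["Subject"] = "IOU"
    m.set_content(body)
    m.add_attachment(attachment, maintype="application",
                     subtype="octet-stream", filename="iou.docx")
    return m.as_bytes()


# Constructed stub: header plus stream name only, not a real document.
STUB = OLE_MAGIC + b"\x00" * 64 + ENC_STREAM
# Body text modelled on the message quoted earlier in this article.
LURE = "Please check the IOU enclosed with this email.\nFile Access Credentials: 213Neft\n"

if __name__ == "__main__":
    print(triage(build_sample(LURE, STUB)))
```

A finding can be used to quarantine the message, or to pass the extracted password to a sandbox so the document can be opened and analysed.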

After entering the password, you will be prompted to enable editing via a message similar to the following:

[Image: Enable Editing macro malware prompt]

However, if you do enable editing, a malicious macro can then run in the background and install malware on your computer. Malicious macros have been used to install ransomware, malware that can steal banking details from your computer, and other types of malware.

For those who may not be aware, a macro is a set of commands and instructions that can be collected as a single command in order to quickly and automatically accomplish a task. Macros can be very helpful in some workflows. But malicious macros can also be created and distributed.

Be wary of any email that claims that you must enable editing or allow macros to view an attached document. Enabling macros should never be required simply to view a Word file. Unless you regularly use them and understand their inherent risks, it is best to leave macros disabled in your Microsoft Office software.