DocuSign Alert: New Malicious Hacking Tool Mimicking DocuSign Observed

Robinson+Cole Data Privacy + Security Insider
Contact

On April 6, 2021, DocuSign issued an Alert notifying users of a new malicious hacking tool that is mimicking DocuSign to drop malware into victims’ systems. According to the Alert, the document building tool, dubbed “EtterSilent,” “creates Microsoft Office documents containing malicious macros or attempts to exploit a known Microsoft Office vulnerability (CVE-2017-8570) to download malware onto the victim’s computer. This activity is from malicious third-party sources and is not coming from the DocuSign platform.”

The Alert further states “[T]o date, the malicious documents have been observed to deliver many different malware families such as Trickbot, QBot, Bazar, IcedID and Ursnif. These types of maldocs are typically delivered to victims via phishing attacks.”

DocuSign provides the Indicators of Compromise in the Alert, which can be accessed here.

Since EtterSilent is released using macros, it is worth alerting company users that downloading macros is highly suspicious, and that they may wish to reach out to information technology professionals before downloading macros included in a document or link. If a company routinely uses DocuSign, alerting users to this scheme may help them avoid becoming a victim.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.