A malicious document builder named EtterSilent is gaining more attention on underground forums, security researchers say. As its popularity increased, the developer kept improving it to avoid detection from security solutions. The seller offered weaponized Microsoft Office documents in two ‘flavors’: with an exploit for a known vulnerability or with a malicious macro. Intel 471’s Chief Information Security Officer, Brandon Hoffman, told BleepingComputer that those prices are for the exploit version of the maldoc builder. The tool uses Excel 4.0 XML macros that download a payload in the background.
Source: https://www.bleepingcomputer.com/news/security/ettersilent-maldoc-builder-used-by-top-cybercriminal-gangs/