Connect with us

Hi, what are you looking for?



Author of Dryad and Rubella Macro Builders Arrested

Dutch authorities this week announced the arrest a 20-year old man for allegedly developing and distributing Office Macro Builders. 

Dutch authorities this week announced the arrest a 20-year old man for allegedly developing and distributing Office Macro Builders. 

Such programs are designed to allow cybercriminals weaponize Office documents to deliver malicious payloads via obfuscated macro code. The macro might also purposely attempt to bypass endpoint security defenses. 

Once the document containing such a malicious macro is opened, the code would be executed, which could surreptitiously download malware or start a program on the device. 

The arrested individual, a resident of the Dutch city of Utrecht, is said to have created and distributed toolkits named Rubella, Cetan and Dryad. Aided by McAfee and another private company, the Dutch authorities managed to trace various online handles on hacking forums to the man. 

According to the authorities, the suspect sold the macro builder Rubella for prices ranging from a couple of hundred to thousands of euros. According to McAfee, Dryad and Rubella are very similar, and a conversation with the suspect revealed that the individual was behind both of them. 

The man was also “found in possession of data concerning dozens of credit cards and manuals on carding, a type of credit card fraud,” the Dutch authorities reveal. Moreover, the suspect had in possession access credentials for thousands of websites. 

The man reportedly collected around 20,000 Euro (around $22,000) in crypto currency such as Bitcoins. 

“Toolkits that build weaponized Office documents, like Dryad and Rubella, cater to the increasing cybercriminal demand of this type of infection vector. With the arrest of the suspect comes an end to the era of Dryad and Rubella Macro Builder,” McAfee notes

Advertisement. Scroll to continue reading.

Related: Macro-Based Multi-Stage Attack Delivers Password Stealer

Related: Macro Malware Comes to macOS

Related: Office Loader Uses Macros to Drop Array of Malware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

More People On The Move

Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.