Evil Clippy: a tool for making undetectable malicious Microsoft Office docs

Evil Clippy comes from Dutch security researchers Outflank: 'a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools. It runs on Linux, OSX and Windows.' Evil Clippy's magic depends in part on some awesomely terrible undocumented Office features, including 'VBA Stomping': 'if we know the version of MS Office of a target system (e.g. Office 2016, 32 bit), we can replace our malicious VBA source code with fake code, while the malicious code will still get executed via p-code. In the meantime, any tool analyzing the VBA source code (such as antivirus) is completely fooled.' (via Eva)