Security researchers have given us a glimpse of a new attack that uses malicious Excel spreadsheets. With it, cyber attackers try not only to spread malware but also to bypass security checks. The use of Excel spreadsheets here raises concerns. By using Excel spreadsheets, the hackers are trying to trick security systems into believing these are legitimate files.
Excel spreadsheets spread malware
In July, security researchers noticed the spread of ‘maldocs’: malicious Excel documents that deliver malware through VBA-activated spreadsheets. Malicious VBA code and malware payloads are not surprising anymore.
In the past, we have seen instances where attackers tried to cash in on the fear of COVID-19 spreading across affected regions, using similar techniques. In one incident, hackers were caught using the Coronavirus scare to target email addresses and install malware using an infected MS-Word document.
What intrigued security researchers the most was the way these Excel documents and spreadsheets were created. Believe it or not, the attackers did not use Microsoft Office to create these macro-laden Excel workbooks, which reduced the chance of detection to a large extent.
In a blog post, NVISO stated:
“The creators of the malicious Excel documents used a technique that allows them to create macro-laden Excel workbooks, without actually using Microsoft Office. As a side effect of this particular way of working, the detection rate for these documents is typically lower than for standard maldocs.”
Instead of Microsoft Office Excel, the attackers relied on the EPPlus software to create these malicious Microsoft Office documents. This was the initial step in bypassing certain security checks. Security researchers also believe that no more than one threat actor is responsible for the spread of these malicious documents.
What was the motive behind these attacks?
From what researchers have observed so far, the malicious payloads are responsible for stealing personal information and harvesting login passwords from web browser applications and email clients, among other issues.