This sneaky Microsoft Excel malware could put your organization at risk of attack


Although Microsoft Excel has long been the go-to program for distributing malware among professionals, a new campaign uncovered by experts at HP Wolf Security has gone even further.

Based on an analysis of data from “several million endpoints running HP Wolf Security”, the past 12 months has seen a 588% increase in the use of Excel add-ins (.xll) to distribute malware.

Researchers say this technique is particularly dangerous because victims only need one click to compromise their devices.

Clear availability

Advertisements for an .xll dropper and malware builder have also started appearing in underground markets, according to the report, making it easy for low-level attackers to launch campaigns with devastating consequences.

To distribute the malware, some attackers have resorted to a particularly devious method: hijacking ongoing chat threads. After compromising an email account, they won’t just send a new email to the contact list – they’ll just share a malicious Excel file in an already running thread, greatly improving the chances of success.

Italians attacked

Furthermore, Excel files were also used in the recent distribution of the Ursnif banking trojan among Italian-speaking users.

In this campaign, the attackers impersonated the Italian courier service BRT. Additionally, new campaigns have been spotted delivering Emotet via Excel, rather than JavaScript or Word.

To ensure their premises remain secure, IT teams should refrain from relying exclusively on detection and antivirus solutions, warns Alex Holland, Principal Malware Analyst, HP Wolf Threat Research Team Security, HP Inc.

“Attackers are continually innovating to find new techniques to evade detection, so it is vital that companies plan and adjust their defenses based on the threat landscape and the business needs of their users. Threat actors have invested in techniques such as email thread hijacking, making it harder than ever for users to tell friend from foe.

  • You can also consult our list of best firewalls at present

About Author

Comments are closed.