Malicious Excel XLL add-ins push RedLine password-stealing malware
Cybercriminals are spamming website contact forms and discussion forums to distribute Excel XLL files that download and install the RedLine password and information-stealing malware.
In some phishing lures seen by BleepingComputer, the threat actors have created fake websites to host the malicious Excel XLL files used to install the malware.
These spam campaigns are designed to push malicious Excel XLL files that download and install the RedLine malware on victims' Windows devices.
An XLL file is an add-in that allows developers to extend the functionality of Excel by reading and writing data, importing data from other sources, or creating custom functions to perform various tasks.
An XLL file is simply a DLL that includes an 'xlAutoOpen' function, which Microsoft Excel executes when the add-in is opened.
Because XLL files are executables, threat actors can use them to perform a variety of malicious actions on a device.
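Because an XLL is a DLL with an 'xlAutoOpen' function, a file can be triaged statically by reading its PE export table instead of trusting its extension. The following is an added example, not code from the article: a standard-library Python check whose function names (`pe_export_names`, `is_xll`) and the `MAX_NAMES` limit are assumptions made for illustration.

```python
import struct
import sys

MAX_NAMES = 4096  # assumed cap, bounds the loop on malformed export tables

def pe_export_names(data: bytes) -> list:
    """Return the exported names of a PE image, or [] if it is not a parseable PE."""
    try:
        if data[:2] != b"MZ":
            return []
        pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            return []
        n_sections = struct.unpack_from("<H", data, pe + 6)[0]
        opt_size = struct.unpack_from("<H", data, pe + 20)[0]
        opt = pe + 24                                           # optional header
        magic = struct.unpack_from("<H", data, opt)[0]
        # Data directories start at 96 (PE32) or 112 (PE32+); entry 0 is exports.
        ddir = opt + (112 if magic == 0x20B else 96)
        export_rva = struct.unpack_from("<I", data, ddir)[0]
        if export_rva == 0:
            return []
        sections = []
        for i in range(n_sections):
            vsize, vaddr, rsize, raw = struct.unpack_from(
                "<IIII", data, opt + opt_size + 40 * i + 8)
            sections.append((vaddr, max(vsize, rsize), raw))

        def offset(rva):
            # Map a relative virtual address to a file offset.
            for vaddr, size, raw in sections:
                if vaddr <= rva < vaddr + size:
                    return raw + rva - vaddr
            raise ValueError("RVA outside all sections")

        exp = offset(export_rva)
        n_names = min(struct.unpack_from("<I", data, exp + 24)[0], MAX_NAMES)
        names_off = offset(struct.unpack_from("<I", data, exp + 32)[0])
        names = []
        for i in range(n_names):
            start = offset(struct.unpack_from("<I", data, names_off + 4 * i)[0])
            end = data.index(b"\0", start)
            names.append(data[start:end].decode("ascii", "replace"))
        return names
    except (struct.error, ValueError):   # truncated or malformed image
        return []

def is_xll(data: bytes) -> bool:
    """True when the file is a PE that exports xlAutoOpen, whatever its extension."""
    return "xlAutoOpen" in pe_export_names(data)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "exports xlAutoOpen" if is_xll(fh.read()) else "no xlAutoOpen export")
```

The check never loads the file, so it is safe to run over quarantined attachments or a downloads folder.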