Security News > 2022 > January > Stealthy Excel malware putting organizations in crosshairs of ransomware gangs

Stealthy Excel malware putting organizations in crosshairs of ransomware gangs
2022-01-27 14:30

The HP Wolf Security threat research team identified a wave of attacks utilizing Excel add-in files to spread malware, helping attackers to gain access to targets, and exposing businesses and individuals to data theft and destructive ransomware attacks.

There was a huge six-fold increase in attackers using malicious Microsoft Excel add-in files to infect systems compared to last quarter - a technique found to be particularly dangerous as it only requires one click to run the malware.

A recent QakBot spam campaign used Excel files to trick targets, using compromised email accounts to hijack email threads and reply with an attached malicious Excel file.

Malicious Excel files were also used to spread the Ursnif banking Trojan to Italian-speaking businesses and public sector organizations through a malicious spam campaign, with attackers posing as Italian courier service BRT. New campaigns spreading Emotet malware are now using Excel instead of JavaScript or Word files too.

PowerPoint malware is unusual, making up 1% of malware.

77% of malware detected was delivered via email, while web downloads were responsible for 13%. The most common attachments used to deliver malware were documents, archives, executables, spreadsheets.


News URL

https://www.helpnetsecurity.com/2022/01/27/excel-add-in-files-malware/