This sneaky Microsoft Excel malware could put your organization at risk of attack

Microsoft Excel add-ins being used to distribute Trojans

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

AlthoughMicrosoft Excelhas long been the go-to program for distributing malware among professionals, a new campaign discovered by experts atHPWolf Security has taken it a step further.

Based on an analysis of data from “the many millions of endpoints running HP Wolf Security”, the last 12 months has seen a 588% increase in the use of Excel add-ins (.xll) to distributemalware.

The researchers are saying this technique is particularly dangerous because the victims only need one click to compromise theirendpoints.

Clear availability

Adverts for an .xll dropper and malware builder have also started popping up on underground markets, the report further claims, which make it easy for low-level attackers to launch campaigns with devastating consequences.

To distribute the malware, some attackers resorted to a particularly sneaky method - hijacking ongoing email threads. After compromising an email account, these won’t simply send out a new email to the contact list - they’ll just share a malicious Excel file in an already ongoing email thread, significantly improving the chances of success.

Italians under attack

Furthermore, Excel files were also used in the recent distribution of the Ursnif banking Trojan among Italian-speaking users.

In this campaign, the attackers took on the identity of the Italian courier service BRT. What’s more - new campaigns have been spotted, spreading Emotet through Excel, rather than JavaScript or Word.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Microsoft Excel is making a big change to protect against malware>Microsoft Excel users need to patch now - but Mac owners are out of luck>These are the best Excel online courses around

To make sure their premises stay secure, IT teams should refrain from relying exclusively on detection andantivirussolutions, warns Alex Holland, Senior Malware Analyst, HP Wolf Security threat research team, HP Inc.

“Attackers are continually innovating to find new techniques to evade detection, so it’s vital that enterprises plan and adjust their defenses based on the threat landscape and the business needs of their users. Threat actors have invested in techniques such as email thread hijacking, making it harder than ever for users to tell friend from foe.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set