That boring-looking Excel spreadsheet could be used to spread malware
Excel files are still being used to spread Emotet
When Microsoft restricted all Excel 4.0 macros by default earlier in 2022 to prevent threat actors from abusing the feature to distribute malware, many security experts thought threat actors would just move to a different attack vector.
However, security researchers from Netskope have found that weaponized Excel files remain very popular, because users are still running old and unprotected versions of the software and are, as such, still susceptible to this type of attack.
In a blog post, Netskope Staff Threat Research Engineer Gustavo Palazolo outlined how the company recently came across “hundreds” of malicious Office documents being used to download and execute Emotet.
Single threat actor
Emotet is a trojan capable of stealing information and dropping additional malicious payloads onto the target endpoint.
After searching for similar files on VirusTotal, the team discovered 776 malicious spreadsheets, submitted in just a week and a half during June. Most of the files share the same URLs and some metadata, leading the researchers to conclude that they are probably the work of a single threat actor.
In total, the team extracted 18 URLs, four of which were still online and delivering the malicious payload at the time.
The files are being distributed the traditional way: via email. The victim would receive an email claiming to be a payment form for a service, some medical bills or paperwork, or anything else that might prompt people into downloading and opening the attachment, if nothing else out of curiosity.
Some files were even compressed and password-protected, likely to evade antivirus or email protection services.
Users opening the file would see it empty, except for a message saying the contents of the file are “protected” until they enable editing, which effectively enables macros as well.
To best defend against this type of phishing, businesses are encouraged to educate their employees on how to spot phishing, keep their hardware and software updated, and run proper antivirus solutions, firewalls, and multi-factor authentication services.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.