Excel users need to be on guard as a newly discovered phishing campaign is targeting Microsoft's spreadsheet application.
This campaign distributes a new fileless malware version of a dangerous remote access Trojan that is being distributed through a Microsoft 365 (formerly Microsoft Office) vulnerability - and is now being actively exploited.
Hackers are targeting Excel to spread dangerous malware
Always on the front lines, Fortinent's Fortiguard Labs has uncovered a phishing campaign targeting Excel users.
The attack uses a phishing email lure disguised as a shipping order with a malicious Microsoft Excel spreadsheet attached. Once downloaded and opened, the spreadsheet exploits a remote code execution vulnerability (CVE-2017-0199) to download the HTML application.
Once downloaded, the HTML application executes and attempts to download another file – the actual Remcos malware. Remcos is a well-known remote access Trojan that can give attackers a direct line into an infected computer. It is one of many dangerous malware types that can be purchased in neat packages on underground hacker forums.
This time, however, researcher Xiaopeng Zhang found a fileless variant of the Remcos RAT that works with the infected system's memory, allowing it to evade detection by anti-malware tools. It also adds a specific autorun system registry to "maintain persistence and control over the victim's device across reboots"—another example of persistent malware.
Remcos RAT operators can use keyloggers and screen recorders to collect private information, audio, and other data. The stolen data is then encrypted and sent back to the operator, where it can be exploited.
Keep Microsoft 365 and your computer up to date to stay safe!
Unfortunately, the research does not indicate specific versions of Microsoft Excel affected by this vulnerability. Although the CVE-2017-0199 note does list older versions of Excel and Office under “Known Affected Software Configurations,” that section has not been updated since the phishing campaign was discovered.
So when in doubt, keep Microsoft 365 and your operating system up to date. If possible, upgrade to the latest version of Microsoft 365 for maximum security.
Discover the easiest step-by-step guide to setting up Microsoft Teams Town Hall events. Host massive virtual gatherings effortlessly with pro tips for seamless execution. Perfect for leaders and organizers!
Struggling with Microsoft Teams "Download Error" on PC? Discover proven, step-by-step fixes to resolve download failed issues quickly. Get back to seamless collaboration in minutes—no tech skills needed!
Stuck with Microsoft Teams "Error L" License error? Follow this step-by-step troubleshooting guide to resolve licensing issues quickly, restore access, and boost productivity without IT hassle. Updated with latest fixes.
Tired of Microsoft Teams video call freezing mid-meeting? Follow this proven troubleshooting Microsoft Teams video call freezing guide with quick fixes, advanced tips, and real solutions to restore smooth video instantly.
Frustrated by Microsoft Teams 'Download Failed Due to Unexpected Error'? Discover proven, step-by-step solutions to fix this common issue quickly and get back to seamless collaboration. Updated with the latest fixes for peak performance.
Frustrated because your Microsoft Teams recording failed? Uncover the top common reasons like permissions issues, storage limits, and network glitches, plus step-by-step fixes to prevent future failures and record flawlessly every time.
Struggling with Microsoft Teams "Error B" connection? Discover step-by-step fixes for smooth connectivity. Clear cache, check networks, and more in this ultimate guide to resolving Error B instantly.
Tired of the frustrating Microsoft Teams "Application Is In A Bad State" error crashing your meetings? Discover proven, step-by-step fixes to resolve it quickly and restore smooth teamwork. Updated with the latest solutions.
Discover simple steps to check your Microsoft Teams version history and build number on desktop, web, and mobile. Stay updated with the latest features and fixes effortlessly. Perfect for IT pros and everyday users.
Tired of Microsoft Teams "Uninstall Error" Stuck? Discover proven, step-by-step fixes to completely remove Teams from your PC. Works on latest Windows versions – no tech skills needed!
Facing the frustrating Microsoft Teams "Where is My Team?" error? Discover step-by-step troubleshooting tips, common causes, and quick fixes to resolve it instantly and resume seamless collaboration. Updated with the latest solutions.
Tired of Microsoft Teams VDI errors crashing your virtual machine calls? Get step-by-step fixes for audio glitches, video freezes, and optimization issues on Citrix, VMware, or RDP setups. Boost productivity now!
Struggling with Microsoft Teams Error AADSTS70011? Discover step-by-step fixes for invalid scope errors, clear cache tips, and quick authentication resets to get back to seamless collaboration in minutes. Updated with latest Teams patches.
Stuck with Microsoft Teams unknown error "Something Went Wrong"? Discover quick, effective troubleshooting steps to resolve it instantly. Updated with the latest fixes for seamless collaboration.
Is Microsoft Teams download not working on your PC? Discover proven fixes for installation errors, slow downloads, and crashes. Get Teams running smoothly in minutes with our step-by-step guide.
