Excel users need to be on guard as a newly discovered phishing campaign is targeting Microsoft's spreadsheet application.
This campaign distributes a new fileless malware version of a dangerous remote access Trojan that is being distributed through a Microsoft 365 (formerly Microsoft Office) vulnerability - and is now being actively exploited.
Hackers are targeting Excel to spread dangerous malware
Always on the front lines, Fortinent's Fortiguard Labs has uncovered a phishing campaign targeting Excel users.
The attack uses a phishing email lure disguised as a shipping order with a malicious Microsoft Excel spreadsheet attached. Once downloaded and opened, the spreadsheet exploits a remote code execution vulnerability (CVE-2017-0199) to download the HTML application.
Once downloaded, the HTML application executes and attempts to download another file – the actual Remcos malware. Remcos is a well-known remote access Trojan that can give attackers a direct line into an infected computer. It is one of many dangerous malware types that can be purchased in neat packages on underground hacker forums.
This time, however, researcher Xiaopeng Zhang found a fileless variant of the Remcos RAT that works with the infected system's memory, allowing it to evade detection by anti-malware tools. It also adds a specific autorun system registry to "maintain persistence and control over the victim's device across reboots"—another example of persistent malware.
Remcos RAT operators can use keyloggers and screen recorders to collect private information, audio, and other data. The stolen data is then encrypted and sent back to the operator, where it can be exploited.
Keep Microsoft 365 and your computer up to date to stay safe!
Unfortunately, the research does not indicate specific versions of Microsoft Excel affected by this vulnerability. Although the CVE-2017-0199 note does list older versions of Excel and Office under “Known Affected Software Configurations,” that section has not been updated since the phishing campaign was discovered.
So when in doubt, keep Microsoft 365 and your operating system up to date. If possible, upgrade to the latest version of Microsoft 365 for maximum security.
Long-distance travel can involve heavy traffic, changing weather conditions, and rider fatigue. If you are also dealing with the responsibilities of moving home, such as packing belongings or coordinating accommodation, a long ride may add unnecessary pressure to an already busy schedule.
Tired of Microsoft Teams shortcut error preventing you from opening the app? Follow our expert, step-by-step guide with the latest fixes for instant resolution. Works on Windows, Mac & web – no tech skills needed!
Tired of Microsoft Teams Task Management Sync Error halting your workflow? Follow our proven, step-by-step fixes to resolve sync issues fast and restore seamless task collaboration. No tech expertise needed!
Struggling with Microsoft Teams Wiki Error Formatting? This step-by-step guide reveals proven fixes for common wiki tab issues, ensuring smooth editing and collaboration in Teams. Get back to productive wikis fast!
Struggling with Microsoft Teams installation error on Linux? Discover step-by-step fixes for Ubuntu, Fedora & more. Resolve dependency issues, crashes, and errors quickly with our ultimate guide. Get Teams running smoothly today!
Struggling with Microsoft Teams "Error Page" not loading? Get step-by-step fixes for desktop, web, and mobile. Solve Microsoft Teams Error Page issues quickly and resume seamless teamwork today.
Tired of Microsoft Teams "Error Screenshot" blocking your workflow? Get proven, step-by-step solutions to resolve screenshot errors in Teams instantly and boost productivity. No tech skills needed!
Tired of Microsoft Teams "Error U" User blocking your chats? Get proven, step-by-step fixes to clear cache, reset, and restore seamless collaboration instantly.
Unlock the precise locations of Microsoft Teams registry keys on Windows 11. Step-by-step guide to find, access, and safely tweak them for optimal performance and troubleshooting. Essential for IT pros and Teams enthusiasts.
Tired of Microsoft Teams "Training Error" Video Lag ruining your meetings? Follow our step-by-step guide with the latest fixes for smooth video calls—no more frustration!
