Watch out, that Excel document could be infected with dangerous malware

0
9


  • A new phishing campaign was recently spotted, distributing an Excel file
  • The file drops a fileless version of the Remcos RAT on the device
  • Remcos can steal sensitive files, log keys, and more

Hackers have been seen distributing a fileless version of the Remcos Remote Access Trojan (RAT), which they then use to steal sensitive information from the target devices using hijacked spreadsheet software.

In a technical analysis, researchers from Fortinet said they observed threat actors sending out phishing emails with the usual purchase order theme. Attached with the email is a Microsoft Excel file, built to exploit a remote code execution vulnerability found in Office (CVE-2017-0199). When triggered, the file will download an HTML Application (HTA) file from a remote server, and launch it via mshta.exe.

LEAVE A REPLY

Please enter your comment!
Please enter your name here