Cybercriminals are using Excel Macros to spread Malware! Stay Alert!
PTI, Jul 12, 2021, 2:12 PM IST
Credit: iStock Photo
Threat is increasing as the cyber criminals are using excel 4.0 documents for spreading malware called Zloader and Quakbot. According to the latest research, there was a sudden surge in this kind of cyber attack in 2021. Many individuals and companies having weak policies have suffered and have faced the consequences.
What is Excel 4.0 macros (XLM)?
XLM, for Excel Macro, is a type of Spreadsheet files that are used to store Macros. From an application point of view, a Macro is a set of instructions that are used for automating processes. Macros are programmed with Microsoft’s VBA – Visual Basic for Applications from within the Excel Workbook. Visual Basic Editor present in it can be used to run/debug directly from there.
Quakbot (aka QBOT), which was first found in 2007, has remained a notorious banking trojan capable of stealing banking credentials and other financial information. Typically spread via weaponized Office documents, variants of QakBot have been able to deliver other malware payloads, log user keystrokes, and even create a backdoor to compromised machines. Few of the variants also have computer worm-like (ability to replicate itself to spread to other computers) propagation characteristics.
How are the users getting tricked?
Microsoft Office automatically disables macros but the attackers attempt to trick recipients of the email to enable them with a message appearing inside the Word document. This file is a non-malicious file which is used to trick the user to enable the macro. This initial attack is achieved by a phishing email with a Microsoft Word document as an attachment. While this document is opened, a password-protected Excel file is downloaded from a remote server.
McAfee Labs research team states that, after downloading the XLS file, the Word VBA reads the cell contents from XLS and creates a new macro for the same XLS file and writes the cell contents to XLS VBA macros as functions. Once the macros are written to the downloaded XLS file, the Word document sets the policy in the registry to Disable Excel Macro Warning and calls the malicious macro function dynamically from the Excel file. This results in the downloading of the Zloader payload. The Zloader payload is then executed by rundll32[.]exe.
Measures and Prevention techniques to be taken?
It is highly recommended to enable macros only when the document received is from a trusted source. Post working on the macro document, disabling the feature until the next usage.
Disabling Macros:
1. File tab > Options.
2. select Trust Center > Trust Center Settings button.
3. select Macro Settings > Disable all macros with/without notifications.
Authored by Prithveesh K.
PRITHVISION
Prithvi Cyber Protect | Prithvi Mosaics
Udayavani is now on Telegram. Click here to join our channel and stay updated with the latest news.
Top News
Related Articles More
ISRO to study how crops grow in space on PSLV-C60 mission
ISRO & ESA agree to cooperate on astronaut training, mission implementation
Snatcher lands in police net in Delhi, AI tech helps reveal identity
AI Meets Health: The Rise of Smart Fitness Solutions
Power Up by Powering Down: 10 Energy-Saving Tips for Every Home
MUST WATCH
Latest Additions
Kannada Sahitya Sammelana: Food distribution creates stir
Rohit gets hit in nets, practice pitches on slower side
India & Kuwait elevate ties to strategic level; ink defence pact after PM Modi meets top Kuwaiti leaders
In Kuwait, PM Modi meets yoga practitioner, other influencers from Gulf country
Notorious gangster wanted in UAPA case arrested at Nepal border
Thanks for visiting Udayavani
You seem to have an Ad Blocker on.
To continue reading, please turn it off or whitelist Udayavani.