Cybercriminals are using Excel Macros to spread Malware! Stay Alert!


PTI, Jul 12, 2021, 2:12 PM IST

Credit: iStock Photo

 

Threat is increasing as the cyber criminals are using excel 4.0 documents for spreading malware called Zloader and Quakbot. According to the latest research, there was a sudden surge in this kind of cyber attack in 2021. Many individuals and companies having weak policies have suffered and have faced the consequences.

What is Excel 4.0 macros (XLM)?

XLM, for Excel Macro, is a type of Spreadsheet files that are used to store Macros. From an application point of view, a Macro is a set of instructions that are used for automating processes. Macros are programmed with Microsoft’s VBA – Visual Basic for Applications from within the Excel Workbook. Visual Basic Editor present in it can be used to run/debug directly from there.

Quakbot (aka QBOT), which was first found in 2007, has remained a notorious banking trojan capable of stealing banking credentials and other financial information. Typically spread via weaponized Office documents, variants of QakBot have been able to deliver other malware payloads, log user keystrokes, and even create a backdoor to compromised machines. Few of the variants also have computer worm-like (ability to replicate itself to spread to other computers) propagation characteristics.

How are the users getting tricked?

Microsoft Office automatically disables macros but the attackers attempt to trick recipients of the email to enable them with a message appearing inside the Word document. This file is a non-malicious file which is used to trick the user to enable the macro. This initial attack is achieved by a phishing email with a Microsoft Word document as an attachment. While this document is opened, a password-protected Excel file is downloaded from a remote server.
McAfee Labs research team states that, after downloading the XLS file, the Word VBA reads the cell contents from XLS and creates a new macro for the same XLS file and writes the cell contents to XLS VBA macros as functions. Once the macros are written to the downloaded XLS file, the Word document sets the policy in the registry to Disable Excel Macro Warning and calls the malicious macro function dynamically from the Excel file. This results in the downloading of the Zloader payload. The Zloader payload is then executed by rundll32[.]exe.

Measures and Prevention techniques to be taken?

It is highly recommended to enable macros only when the document received is from a trusted source. Post working on the macro document, disabling the feature until the next usage.

Disabling Macros:
1. File tab > Options.
2. select Trust Center > Trust Center Settings button.
3. select Macro Settings > Disable all macros with/without notifications.

 

 

Authored by Prithveesh K.
PRITHVISION
Prithvi Cyber Protect | Prithvi Mosaics

 

Udayavani is now on Telegram. Click here to join our channel and stay updated with the latest news.

Top News

Kannada Sahitya Sammelana: Food distribution creates stir

Rohit gets hit in nets, practice pitches on slower side

India & Kuwait elevate ties to strategic level; ink defence pact after PM Modi meets top Kuwaiti leaders

In Kuwait, PM Modi meets yoga practitioner, other influencers from Gulf country

Notorious gangster wanted in UAPA case arrested at Nepal border

Mandhana, Renuka blow away West Indies in first ODI

‘Condition critical’, say doctors as farmer leader Dallewal’s fast enters 27th day

Related Articles More

ISRO to study how crops grow in space on PSLV-C60 mission

ISRO & ESA agree to cooperate on astronaut training, mission implementation

Snatcher lands in police net in Delhi, AI tech helps reveal identity

AI Meets Health: The Rise of Smart Fitness Solutions

Power Up by Powering Down: 10 Energy-Saving Tips for Every Home

MUST WATCH

Tulunadu Daivaradane

Feeding Birds with Creative Paddy Art!

Areca Nut

HOTEL SRI DURGA BHAVANA

Harish Poonja


Latest Additions

Kannada Sahitya Sammelana: Food distribution creates stir

Rohit gets hit in nets, practice pitches on slower side

India & Kuwait elevate ties to strategic level; ink defence pact after PM Modi meets top Kuwaiti leaders

In Kuwait, PM Modi meets yoga practitioner, other influencers from Gulf country

Notorious gangster wanted in UAPA case arrested at Nepal border

Thanks for visiting Udayavani

You seem to have an Ad Blocker on.
To continue reading, please turn it off or whitelist Udayavani.