Remcos Alert: Ingenious Excel Phishing Campaign Spreading Dangerous Fileless Malware
Excel users need to be on guard as a newly discovered phishing campaign is targeting Microsoft's spreadsheet application.
The campaign delivers a new fileless variant of a dangerous remote access Trojan by exploiting a Microsoft 365 (formerly Microsoft Office) vulnerability that is now being actively exploited.
Hackers are targeting Excel to spread dangerous malware
Always on the front lines, Fortinet's FortiGuard Labs has uncovered a phishing campaign targeting Excel users.
The attack uses a phishing email lure disguised as a shipping order with a malicious Microsoft Excel spreadsheet attached. Once downloaded and opened, the spreadsheet exploits a remote code execution vulnerability (CVE-2017-0199) to download an HTML application.
Once downloaded, the HTML application executes and attempts to download another file – the actual Remcos malware. Remcos is a well-known remote access Trojan that can give attackers a direct line into an infected computer. It is one of many dangerous malware types that can be purchased in neat packages on underground hacker forums.
This time, however, researcher Xiaopeng Zhang found a fileless variant of the Remcos RAT that runs in the infected system's memory, allowing it to evade detection by anti-malware tools. It also adds an autorun entry to the system registry to "maintain persistence and control over the victim's device across reboots", another example of persistent malware.
Remcos RAT operators can use keyloggers and screen recorders to collect private information, audio, and other data. The stolen data is then encrypted and sent back to the operator, where it can be exploited.
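A detection-side sketch of the delivery step described above, added here as an example and not taken from FortiGuard Labs' research: it flags the Windows HTML application host (mshta.exe) starting as a child of an Office process, or within a short window after one on the same host, since the host may be started by a system process rather than by Excel itself. The event fields, host names, 60-second window and sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe"}
HTA_HOST = "mshta.exe"          # Windows host process that runs HTML applications
WINDOW = timedelta(seconds=60)  # assumed correlation window; tune per environment

def _ev(time, host, image, parent):
    return {"time": time, "host": host, "image": image, "parent": parent}

# Constructed process-creation events (process path and parent path); not real telemetry.
SAMPLE_EVENTS = [
    _ev("2025-01-15T09:14:02", "WS-014", r"C:\Office\EXCEL.EXE", r"C:\Office\OUTLOOK.EXE"),
    _ev("2025-01-15T09:14:09", "WS-014", r"C:\Windows\System32\mshta.exe", r"C:\Windows\System32\svchost.exe"),
    _ev("2025-01-15T09:40:00", "WS-014", r"C:\Windows\System32\mshta.exe", r"C:\Windows\System32\svchost.exe"),
    _ev("2025-01-15T10:30:00", "WS-022", r"C:\Windows\System32\mshta.exe", r"C:\Windows\explorer.exe"),
    _ev("2025-01-15T11:00:00", "WS-031", r"C:\Office\EXCEL.EXE", r"C:\Windows\explorer.exe"),
    _ev("2025-01-15T11:00:05", "WS-031", r"C:\Windows\System32\mshta.exe", r"C:\Office\EXCEL.EXE"),
]

def _name(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def find_hta_after_office(events):
    """Flag mshta.exe launched by, or shortly after, an Office process on the same host."""
    last_office = {}  # host -> start time of the most recent Office process
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        image, parent = _name(ev["image"]), _name(ev["parent"])
        if image in OFFICE:
            last_office[ev["host"]] = when
        elif image == HTA_HOST:
            if parent in OFFICE:
                reason = "office_child"
            elif ev["host"] in last_office and when - last_office[ev["host"]] <= WINDOW:
                reason = "office_time_window"
            else:
                continue  # mshta.exe with no nearby Office activity: out of scope here
            alerts.append((ev["host"], ev["time"], reason))
    return alerts

if __name__ == "__main__":
    for alert in find_hta_after_office(SAMPLE_EVENTS):
        print(alert)
```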
Keep Microsoft 365 and your computer up to date to stay safe!
Unfortunately, the research does not indicate specific versions of Microsoft Excel affected by this vulnerability. Although the CVE-2017-0199 note does list older versions of Excel and Office under 'Known Affected Software Configurations,' that section has not been updated since the phishing campaign was discovered.
So when in doubt, keep Microsoft 365 and your operating system up to date. If possible, upgrade to the latest version of Microsoft 365 for maximum security.