The latest attack launched by the hacking group known as ‘Evil Corp’ or TA505 presents a new risk by targeting businesses through malicious Microsoft Excel documents.
Knowledge of current threats and how they work is the best way for business and personal users to prevent hackers gaining remote access to computers and sensitive data via Excel malware.
The following advice informs you about the malicious Excel code and how to prevent malware issues resulting from your spreadsheet being infected.
What Is the Evil Corp Excel Malware?
Evil Corp is a hacking group that has been active since 2014. The group has been carrying out a phishing campaign using Excel documents as a new, covert delivery device. The financially-motivated cybercrime group has previously targeted retail companies and financial institutions with similar attacks.
The infected Excel documents contain a malicious macro virus, which can infect a computer’s system when a document is opened or closed. The malware is spread through an email phishing campaign, which uses HTML redirectors to download Dudear, an Excel file containing the malicious macro.
What Does It Do?
Victims targeted by this phishing campaign are instructed to open the Excel document on their computer and enable editing so that they can access the file’s contents. Doing so leads to the malware attempting to put a remote access trojan (RAT) on the computer’s system. This trojan is known as GraceWire or FlawedGrace.
The RAT can then steal information from the system. The documents also include malware downloaders that deliver Dridex and Trick banking trojans. The campaign also uses an IP traceback service to track the IP address of any machine that downloads and opens the malicious Excel file.
Preventing Excel Malware Attacks at Work
The best way to prevent problems caused by Evil Corp and any other malware is to know how to avoid the issue. Microsoft Security Intelligence tracks these problems and provides advice on how to avoid becoming a victim. Education is vital for preventing malware resulting from phishing. Employees must be aware of the problem and advised not to open unfamiliar Excel spreadsheets or enable editing.
A range of tools will also help, including Microsoft Threat Protection, Office 365 protections, and Microsoft Defender ATP. These will all help to block the threat and prevent the download of malicious files.
What to Do If You Have Been Targeted
If a phishing campaign targets you, the first step is knowing how to recognise phishing. Recognising the signs of a phishing email, such as hyperlinks that don’t match the anchor text or emails not relevant to you, will go a long way.
If a security breach has already occurred, speed is key. Identifying the email and who was targeted is a must. Disconnecting the device from the internet and any networks will help to prevent it from spreading. Performing a complete scan of the device using anti-virus software can detect any malware and help with removing it.
Preventing Excel Malware Attacks
In conclusion, be wary of any suspicious emails, and avoid opening unknown Microsoft Excel files.
The most effective method of preventing such security breaches is providing Excel training to you and your staff, a service we provide remotely and on-site.