How Microsoft Excel is being used to spread malware

It is always important to be aware of phishing scams and malware risks on both personal and business devices. Knowledge of the current threats and the specifics of how they work is the best way for anyone to arm themselves with the tools needed to prevent any issues from occurring. A hacking group known as Evil Corp or TA505 has presented a new risk by targeting businesses through the use of malicious Microsoft Excel documents. The following advice provided by the Excel Experts will inform you about the malicious code and hopefully help you prevent any issues with malware as a result of your spreadsheet being infected.

What Is the Evil Corp Malware?

Evil Corp is a hacking group that has been active since 2014. The group has been carrying out a phishing campaign and has begun to use Excel documents as a new tactic. The financially-motivated cybercrime group has previously targeted retail companies and financial institutions.

The infected Excel documents contain a malicious macro virus, which can infect a computer’s system when a document is opened or closed. The malware is spread through an email phishing campaign, which uses HTML redirectors to download Dudear, an Excel file containing the malicious macro.

What Does It Do?


Victims targeted by this phishing campaign are instructed to open the Excel document on their computer and enable editing so that they can access the file’s contents. Doing so causes the malware to attempt to install a remote access trojan (RAT) on the computer. This trojan is known as GraceWire or FlawedGrace.

The RAT can then steal information from the system. The documents also include malware downloaders that deliver Dridex and Trick banking trojans. An IP trackback service will track the IP address of any machine that downloads and opens the malicious Excel file.

Preventing Malware Attacks at Work

The best way to prevent problems caused by Evil Corp and any other malware is to know how to avoid the issue. Microsoft Security Intelligence tracks these problems and provides advice on how to avoid becoming a victim. Education is vital for preventing malware resulting from phishing. Employees must be made aware of the problem and advised not to open unfamiliar Excel spreadsheets or enable editing.

A range of tools will also help, including Microsoft Threat Protection, Office 365 protections, and Microsoft Defender ATP. These will all help to block the threat and prevent the download of malicious files.
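One way to check an unfamiliar workbook for macros without opening it in Excel is to read the file as bytes and look at its container. The following is an added example, not part of the original article; the function names and the sample files are constructed for illustration.

```python
import io
import zipfile

# Header of the legacy OLE compound file format used by .xls workbooks.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def triage_workbook(data: bytes) -> dict:
    """Classify workbook bytes by container and list macro-bearing parts.

    The file is only read; nothing inside it is executed.
    """
    result = {"container": "unknown", "macro_parts": [], "verdict": "review"}
    if data.startswith(OLE_MAGIC):
        # Legacy binary workbook: macros cannot be ruled out from the header,
        # so the verdict stays "review".
        result["container"] = "ole"
        return result
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    result["container"] = "ooxml" if "[Content_Types].xml" in names else "zip"
    for name in names:
        lower = name.lower()
        # VBA project storage, or Excel 4.0 (XLM) macro sheets.
        if lower.endswith("vbaproject.bin") or lower.startswith("xl/macrosheets/"):
            result["macro_parts"].append(name)
    result["verdict"] = "contains-macros" if result["macro_parts"] else "no-macros-found"
    return result

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip with workbook-like part names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"placeholder")  # not real VBA
    return buf.getvalue()

if __name__ == "__main__":
    samples = {"macro": build_sample(True), "plain": build_sample(False),
               "legacy": OLE_MAGIC + b"\x00" * 8}
    for label, blob in samples.items():
        print(label, triage_workbook(blob))
```

A `no-macros-found` result only means no macro parts were listed in the archive; treat it as a triage signal for an unfamiliar attachment, not as proof that the file is safe.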

What to Do If You Have Been Targeted

If you are targeted by a phishing campaign, the first step is knowing how to recognise phishing. Being able to recognise the signs of a phishing email, such as hyperlinks that don’t match the anchor text or emails not relevant to you, will go a long way. A combination of training and the right tools will help to prevent the attack from succeeding. However, if a security breach occurs, speed is key. Identifying the email and who was targeted is a must. Disconnecting the device from the internet and any networks will help to prevent the malware from spreading. Performing a complete scan of the device using anti-virus software can detect any malware and help with removing it.

Be wary of any suspicious emails, and avoid opening unknown Microsoft Excel files. Thorough training will equip everyone with the knowledge they need to avoid scams.