Tech & Gadgets

Beware, that Excel document may be infected with dangerous malware


  • Recently, a new phishing campaign was noticed, involving the distribution of an Excel file
  • The file drops a fileless version of the Remcos RAT on the device
  • Remcos can steal sensitive files, log keys and more

Hackers have been seen distributing a fileless version of the Remcos Remote Access Trojan (RAT), which they then use to steal sensitive information from the target devices using hijacked spreadsheet software.

In a technical analysis, Fortinet researchers said they observed threat actors sending phishing emails with the usual purchase order theme. Attached to the email is a Microsoft Excel file built to exploit a remote code execution vulnerability in Office (CVE-2017-0199). When activated, the file downloads an HTML application file (HTA) from a remote server and launches it via mshta.exe.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button