A simple file can cause your system to be compromised and an attacker can steal passwords or data. In this article we echo how they are using an Excel document just for this. In this case, the target is Windows. We are going to talk to you about how it works, how this file can reach your system and, most importantly, what you should do to protect yourself and avoid these types of threats.
Generally, attackers are going to need you to make a mistake. Therefore, if you know very well what their strategies are, you can be prepared and thus reduce the risk of having problems. Just by clicking where you shouldn’t, you could be exposing the operation of your device and all the stored data.
They use Excel to attack
On other occasions we have seen how they use a Word file, a PDF or a simple image. In this case, the weapon they use is an Excel document. Behind this is the group of cybercriminals known as UNC1151. Now, Mandiant security researchers have identified a campaign that targets different countries in Europe.
What attackers do is send a malicious email. In that e-mail they will include Excel documents that contain VBA macros. When opened, they download LNK and DLL files, to achieve their goal of infecting the system. This strategy differs from other similar ones, in which they downloaded an encrypted JPG file. In this case, what they download is an SVG file and can use a final payload with threats such as AgentTesla, Cobalt Strike or njRAT.
Its main strategy is to use a message that invites the victim to open it. A classic Phishing attack. They can indicate that there is a problem with something, that you need to make a change, that you can see an image in which you appear, an invoice that you need to pay… In short, anything that invites you to click and download that Excel file. Doing so runs the macros that trigger everything else.
It must be taken into account that this type of attack is not isolated; It is common to see many similar ones. Therefore, taking preventive measures is going to be key. The objective should always be to preserve your personal data and not give facilities to cybercriminals, who are waiting to steal your passwords.
Protect yourself
The most important thing of all is to maintain common sense. As you have seen, these types of attacks will require you to fall into the trap and download that Excel file and then open it. If you don’t do this, if you just ignore and delete that email, you won’t have to worry about anything. Therefore, you should always avoid making mistakes.
You should also keep your devices up to date. In many cases, these types of strategies will take advantage of a security flaw that may exist in Windows, Android or any program you can use. By updating to the latest version, you will have the latest patches installed and thus avoid problems.
On the other hand, having security programs would also help. A good antivirus will help you detect malware and a wide variety of threats. Always make sure you have good software that is reliable and well configured so that it can protect you on the Internet. You could even use online antivirus.
In short, be careful if you receive an Excel document via email. Do not open it unless you are 100% sure that it is a reliable contact and it is a file that you expect to receive. It could be a trap and they are going to take control of your team.
