Security researchers at Brussels-based NVISO Labs discovered that a malware gang is using a .NET library to create malicious Excel files.
The so-called Epic Manchego malware gang has targeted companies across the globe with phishing emails carrying the malicious files. These files bypassed security scanners and had low detection rates because they were compiled with a .NET library called EPPlus.
The gang appears to have used EPPlus to generate spreadsheet files in the Office Open XML (OOXML) format. These files lacked a section of compiled VBA code that is specific to Excel documents compiled in the standard Microsoft Office software and that some antivirus products and email scanners scan. The documents contained a malicious macro script that would download and install malware on victims' systems.
NVISO discovered more than 200 malicious Excel files linked to Epic Manchego dating back to June 22.
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA