A Trojan virus has infiltrated websites with comment sections, message boards, and discussion forums, capturing passwords via a seemingly harmless Microsoft Excel file.
An unidentified group of hackers has been spamming contact forms and discussion boards of many websites with fraudulent advertisements, such as Christmas season gift guides or website promotions, according to a report published by Bleeping Computer.
Attackers have even constructed bogus websites with well-known brand names and baited them with a malicious Excel XLL file.
An XLL file is a Microsoft Excel Add-in. These allow you to use third-party tools and functionalities in Microsoft Excel that aren’t included by default.
Excel can read and write data, import data from other sources, build custom functions, and conduct a variety of activities using these functions.
The function in this scenario downloads and installs the RedLine virus. RedLine is a Trojan that collects information from a system, such as login passwords or credit card information.
It can also run commands, download and install more malware, and snap screenshots of active Windows screens.
As soon as RedLine is installed on a machine, it begins accessing all of the sensitive information stored in the victim’s web browser and sending it to its command and control servers, where operators are ready to filter and sell the information on the black market.
The fact that XLL files can be executed is potentially dangerous. When obtaining these files, users must exercise extreme caution and check that they are coming from a reputable source before running them.
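A defender-side check for the point above that XLL files are executable, as an added example that is not from the original article or the Bleeping Computer report. It treats a file as an Excel add-in when it is a Windows DLL and either has the `.xll` extension or contains the `xlAutoOpen` export name, which Excel calls when it loads an add-in. The function names, verdict strings and sample bytes are assumptions constructed for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # "this image is a DLL" bit in the COFF Characteristics field


def is_pe_dll(data: bytes) -> bool:
    """True when data begins with a DOS/PE header whose COFF header is marked as a DLL."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew: offset of "PE\0\0"
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return False
    (characteristics,) = struct.unpack_from("<H", data, pe_off + 22)
    return bool(characteristics & IMAGE_FILE_DLL)


def triage(name: str, data: bytes) -> str:
    """Verdict for a downloaded or attached file: 'block', 'review' or 'allow'."""
    ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    native = is_pe_dll(data)
    # Heuristic: the export name appears as a plain ASCII string in the DLL.
    looks_like_addin = b"xlAutoOpen" in data
    if native and (ext == "xll" or looks_like_addin):
        return "block"   # native code that Excel would load and run
    if ext == "xll":
        return "review"  # add-in extension, but content is not a DLL
    return "allow"       # outside the scope of this XLL check


def make_sample(characteristics: int, tail: bytes = b"") -> bytes:
    """Constructed input: minimal DOS header plus PE signature and COFF header."""
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff + tail


if __name__ == "__main__":
    addin = make_sample(0x2002, b"xlAutoOpen\0")  # constructed, not real malware
    for name, data in [("gift-guide.xll", addin), ("prices.xlsx", addin),
                       ("notes.xll", b"plain text"), ("report.xlsx", b"PK\x03\x04")]:
        print(f"{name:16} {triage(name, data)}")
```

The check inspects content as well as the extension, so an add-in DLL renamed to look like a spreadsheet is still caught.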