A group of hackers used a malicious Excel spreadsheet to bypass security checks on computers.
The malware gang Epic Manchego is specialised in targeting companies by sending malicious Excel files through phishing emails, security researchers from NVISO Labs said in a statement.
The malicious files were created using EPPlus software, and not Microsoft Office, to generate macro-laden Excel workbooks. This method reduces detection rate of these documents, and is typically lower than for standard malware docs.
When files are created using EPPlus tool, they lack a necessary compiled Visual Basic for Application (VBA) code. The algorithm to create compiled VBA code is proprietary to Microsoft, NVISO stated.
The first malicious document detected was created in June 2020, and since then over 200 malicious documents were found in two months.
United States, Czech Republic, France, Germany and China accounted for the majority of targeted regions. Files were presented in English, Spanish, Chinese and Turkish languages.
Recent uptick in detections confirm that the hacker group may be ramping up operations, the researchers said.
COMMents
SHARE