Hackers use fake Excel files to breach security

Over 200 malicious documents were detected in two months and the hackers may be ramping up operations

September 09, 2020 01:18 pm | Updated 04:14 pm IST

The files were created using a special undetectable tool called EPPlus.

A group of hackers used a malicious Excel spreadsheet to bypass security checks on computers.

The malware gang Epic Manchego specialises in targeting companies by sending malicious Excel files through phishing emails, security researchers from NVISO Labs said in a statement.

The malicious files were created using EPPlus software, and not Microsoft Office, to generate macro-laden Excel workbooks. This method reduces the detection rate of these documents, which is typically lower than that of standard malware documents.

When files are created using the EPPlus tool, they lack the necessary compiled Visual Basic for Applications (VBA) code. The algorithm to create compiled VBA code is proprietary to Microsoft, NVISO stated.

The first malicious document detected was created in June 2020, and since then over 200 malicious documents were found in two months.

The United States, the Czech Republic, France, Germany and China accounted for the majority of targeted regions. Files were presented in English, Spanish, Chinese and Turkish.

The recent uptick in detections confirms that the hacker group may be ramping up operations, the researchers said.
