Victims are tricked into activating macros in order for the malware to be executed

Dec 20, 2012 12:11 GMT

Cybercriminals are coming up with novel ways of spreading their malicious creations. However, it turns out that, in some cases, coming up with something new actually means going back to the roots.

Sophos experts have identified a piece of malware that’s being distributed with the aid of a Microsoft Excel-based Sudoku generator.

Many users like to solve Sudoku puzzles, and the victim might think that they’re doing nothing dangerous.

However, in order for the generator to work, the user must activate macros, the mechanism Microsoft Office uses to integrate Visual Basic applications into documents.

Back in the day, macros were often utilized by cybercriminals, but Microsoft decided to disable them by default to mitigate such attacks.

In this latest attack, the crooks are relying on the fact that macros need to be enabled in order for the Sudoku puzzle generator to work, so they provide victims with instructions on how to turn them back on.

By enabling macros, the users don’t just allow the puzzle generator to work, but the malware as well.

Once the malware is installed and executed, it gathers system information by using the "ipconfig," "systeminfo" and "tasklist" commands. The harvested data, which covers the network, programs and services, hardware, operating systems, and patches, is then encrypted and transmitted to an aol.com email address.
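As an added example (not from Sophos or the original article), the sketch below shows one way a defender could flag the behaviour described above: a single parent process launching ipconfig, systeminfo and tasklist in quick succession, with a note of whether that parent descends from an Office application. The event tuples, the process name dropped.exe, the 120-second window and the list of Office hosts are assumptions made for illustration.

```python
from datetime import datetime, timedelta

RECON = {"ipconfig.exe", "systeminfo.exe", "tasklist.exe"}  # commands named in the article
OFFICE = {"excel.exe", "winword.exe"}  # assumption: Office hosts treated as macro carriers
WINDOW = timedelta(seconds=120)        # assumption: correlation window

# Constructed process-creation events (time, pid, ppid, image); not real telemetry.
SAMPLE_EVENTS = [
    ("2012-12-20T09:00:01", 100, 1, "explorer.exe"),
    ("2012-12-20T09:00:05", 200, 100, "excel.exe"),
    ("2012-12-20T09:01:10", 300, 200, "dropped.exe"),   # hypothetical dropped binary
    ("2012-12-20T09:01:12", 301, 300, "ipconfig.exe"),
    ("2012-12-20T09:01:13", 302, 300, "systeminfo.exe"),
    ("2012-12-20T09:01:20", 303, 300, "tasklist.exe"),
    ("2012-12-20T10:30:00", 400, 100, "cmd.exe"),       # admin running one command
    ("2012-12-20T10:30:05", 401, 400, "ipconfig.exe"),
]

def office_ancestor(pid, by_pid):
    """Walk the parent chain; return the first Office image found, else None."""
    seen = set()  # guards against loops (PID reuse is otherwise ignored here)
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        _, _, ppid, image = by_pid[pid]
        if image.lower() in OFFICE:
            return image.lower()
        pid = ppid
    return None

def find_recon_bursts(events):
    """Alert when one parent launches all three recon tools within WINDOW."""
    by_pid = {e[1]: e for e in events}
    per_parent = {}
    for ts, _pid, ppid, image in events:
        if image.lower() in RECON:
            per_parent.setdefault(ppid, []).append(
                (datetime.fromisoformat(ts), image.lower()))
    alerts = []
    for ppid, runs in per_parent.items():
        runs.sort()
        for i, (start, _) in enumerate(runs):  # sliding window over this parent's runs
            if {img for t, img in runs[i:] if t - start <= WINDOW} == RECON:
                parent = by_pid[ppid][3] if ppid in by_pid else "unknown"
                alerts.append({"parent_pid": ppid, "parent_image": parent,
                               "office_ancestor": office_ancestor(ppid, by_pid)})
                break
    return alerts

if __name__ == "__main__":
    for alert in find_recon_bursts(SAMPLE_EVENTS):
        print(alert)
```

An alert with a non-empty `office_ancestor` ties the reconnaissance burst back to a document that was opened with macros enabled, which is the chain the article describes.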

The malicious spreadsheet is detected by Sophos products as WM97/ExeDrop-G, and the malware itself is identified as Troj/DwnLdr-KLI. Sudoku fans are advised to be on the lookout for such Excel-based puzzle generators. There are plenty of such applications available on the web, so be sure to download them only from trusted sources.