Communications of the ACM

Home/News/Malware Gang Uses .NET Library to Generate Excel Docs.../Full Text

ACM TechNews

Malware Gang Uses .NET Library to Generate Excel Docs That Bypass Security Checks

By ZDNet
September 15, 2020
Comments

View as: Print Mobile App Share:

A malware gang used a .NET library to create malicious Excel files. — NVISO Labs security researchers have discovered a malware gang that is using a .NET library to create malicious Excel files.

Credit: ZDNet

Security researchers at Brussels-based NVISO Labs discovered a malware gang is using a .NET library to create malicious Excel files.

The so-called Epic Manchego malware gang has targeted companies across the globe with phishing emails carrying the malicious files. These files bypassed security scanners and had low detection rates because they were compiled with a .NET library called EPPlus.

The gang appears to have used EPPlus to generate spreadsheet files in the Office Open XML (OOXML) format that lacked a section of compiled VBA code that is specific to Excel documents compiled in the standard Microsoft Office software and scanned by some antivirus products and email scanners. The malicious documents contained a malicious macro script that would download and install malware on the victim's systems.

NVISO discovered more than 200 malicious Excel files linked to Epic Manchego dating back to June 22.

From ZDNet
View Full Article

No entries found

Malware Gang Uses .NET Library to Generate Excel Docs That Bypass Security Checks

AI Certification Program Verifies Systems Are 'Fairly Trained'

How the AI Boom Went Bust

Niklaus Wirth and Beyond: Safeguarding the Intellectual Heritage of Computing