acm-header
Sign In

Communications of the ACM

ACM TechNews

Malware Gang Uses .NET Library to Generate Excel Docs That Bypass Security Checks


View as: Print Mobile App Share:
A malware gang used a .NET library to create malicious Excel files.

NVISO Labs security researchers have discovered a malware gang that is using a .NET library to create malicious Excel files.

Credit: ZDNet

Security researchers at Brussels-based NVISO Labs discovered a malware gang is using a .NET library to create malicious Excel files.

The so-called Epic Manchego malware gang has targeted companies across the globe with phishing emails carrying the malicious files. These files bypassed security scanners and had low detection rates because they were compiled with a .NET library called EPPlus.

The gang appears to have used EPPlus to generate spreadsheet files in the Office Open XML (OOXML) format that lacked a section of compiled VBA code that is specific to Excel documents compiled in the standard Microsoft Office software and scanned by some antivirus products and email scanners. The malicious documents contained a malicious macro script that would download and install malware on the victim's systems.

NVISO discovered more than 200 malicious Excel files linked to Epic Manchego dating back to June 22.

From ZDNet
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account