Cybercriminals flood online discussion forums with malicious Microsoft Excel files

Sites with contact forms and comment sections, such as forums, are used to distribute malware known to steal passwords through a compromised Microsoft Excel file.

According to a new report from Bleeping Computer, an unidentified cybercrime group has been spamming contact forms and forums across multiple sites over the past couple of weeks with bogus offers such as advertising requests, Christmas gift guides, or site promotions.

For some of these pitches, the attackers impersonated popular brands, created fake sites, and hosted a malicious Excel XLL file on them.

XLL files are essentially DLL files with the addition of an "xlAutoOpen" function that Excel executes when the file is loaded. This mechanism (an add-in, essentially) lets Excel read and write data, import data from other sources, create custom functions, and perform many other tasks.
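Because an XLL is just a PE DLL with the `xlAutoOpen` export Excel calls on load, a defender can triage a suspicious file by checking exactly those two properties rather than trusting its extension. The following Python script is an added example (not code from the article or from Bleeping Computer): it parses the PE headers and export table by hand, and `build_sample_pe` constructs a minimal fixture PE purely so the parser can be exercised offline; that fixture and the export names it carries are constructed test data, not a real add-in.

```python
"""Triage helper: does this file look like an Excel XLL add-in (PE DLL exporting xlAutoOpen)?"""
import struct

IMAGE_FILE_DLL = 0x2000          # COFF Characteristics flag: image is a DLL
AUTO_RUN_EXPORT = "xlAutoOpen"   # Excel calls this export automatically on load


def parse_pe(data: bytes):
    """Return {'is_dll': bool, 'exports': [names]} for a PE image, or None if not parseable."""
    try:
        if len(data) < 0x40 or data[:2] != b"MZ":
            return None
        e_lfanew, = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return None
        coff = e_lfanew + 4
        num_sections, = struct.unpack_from("<H", data, coff + 2)
        opt_size, characteristics = struct.unpack_from("<HH", data, coff + 16)
        opt = coff + 20
        magic, = struct.unpack_from("<H", data, opt)
        # Data directories start at offset 96 (PE32) or 112 (PE32+); entry 0 is the export table.
        export_rva, _export_size = struct.unpack_from("<II", data, opt + (96 if magic == 0x10B else 112))
        # Section table (40 bytes per entry) follows the optional header; needed to map RVAs to offsets.
        sections = []
        for i in range(num_sections):
            vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, opt + opt_size + i * 40 + 8)
            sections.append((vaddr, max(vsize, rawsize), rawptr))

        def rva_to_off(rva):
            for vaddr, size, rawptr in sections:
                if vaddr <= rva < vaddr + size:
                    return rva - vaddr + rawptr
            raise ValueError(f"RVA {rva:#x} not inside any section")

        exports = []
        if export_rva:
            exp = rva_to_off(export_rva)
            # IMAGE_EXPORT_DIRECTORY: NumberOfFunctions, NumberOfNames, AddressOfFunctions, AddressOfNames
            _nfuncs, nnames, _funcs_rva, names_rva = struct.unpack_from("<IIII", data, exp + 20)
            names_off = rva_to_off(names_rva)
            for i in range(nnames):
                name_rva, = struct.unpack_from("<I", data, names_off + 4 * i)
                off = rva_to_off(name_rva)
                exports.append(data[off:data.index(b"\0", off)].decode("ascii", "replace"))
        return {"is_dll": bool(characteristics & IMAGE_FILE_DLL), "exports": exports}
    except (struct.error, ValueError):
        return None   # truncated or malformed image: not something we can vouch for


def looks_like_xll(data: bytes) -> bool:
    """True when the bytes are a DLL exporting xlAutoOpen, regardless of file extension."""
    info = parse_pe(data)
    return info is not None and info["is_dll"] and AUTO_RUN_EXPORT in info["exports"]


def build_sample_pe(exports, dll=True) -> bytes:
    """Constructed fixture: a minimal PE32 image with one section holding only an export table."""
    sec_rva, sec_off = 0x1000, 0x200          # RVA != file offset, so the mapping is exercised
    n = len(exports)
    body = bytearray(40 + 10 * n)             # export directory + function/name/ordinal tables
    str_rvas = []
    for name in exports:
        str_rvas.append(sec_rva + len(body))
        body += name.encode() + b"\0"
    funcs_rva, names_rva, ords_rva = sec_rva + 40, sec_rva + 40 + 4 * n, sec_rva + 40 + 8 * n
    struct.pack_into("<IIHHIIIIIII", body, 0, 0, 0, 0, 0, 0, 1, n, n, funcs_rva, names_rva, ords_rva)
    for i, rva in enumerate(str_rvas):
        struct.pack_into("<I", body, 40 + 4 * i, 0)            # dummy function RVA
        struct.pack_into("<I", body, 40 + 4 * n + 4 * i, rva)  # name RVA
        struct.pack_into("<H", body, 40 + 8 * n + 2 * i, i)    # ordinal index
    pe = bytearray(sec_off)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)                     # e_lfanew
    pe[0x40:0x44] = b"PE\0\0"
    chars = 0x0102 | (IMAGE_FILE_DLL if dll else 0)            # EXECUTABLE_IMAGE | 32BIT_MACHINE (| DLL)
    struct.pack_into("<HHIIIHH", pe, 0x44, 0x14C, 1, 0, 0, 0, 224, chars)
    opt = 0x58
    struct.pack_into("<H", pe, opt, 0x10B)                     # PE32 magic
    struct.pack_into("<I", pe, opt + 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", pe, opt + 96, sec_rva, len(body))  # data directory[0]: exports
    sec = opt + 224
    pe[sec:sec + 8] = b".edata\0\0"
    struct.pack_into("<IIII", pe, sec + 8, len(body), sec_rva, len(body), sec_off)
    return bytes(pe) + bytes(body)


if __name__ == "__main__":
    sample = build_sample_pe(("xlAutoOpen", "xlAutoClose", "GetSecret"))
    print(parse_pe(sample), looks_like_xll(sample))
```

In practice you would call `looks_like_xll(open(path, "rb").read())` on attachments or quarantined downloads; the check deliberately ignores the extension, since a renamed `.xll` is still a DLL that Excel will load and call `xlAutoOpen` on.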

In this particular case, the function downloads and installs the RedLine malware. RedLine is an information stealer that harvests cookies, login credentials, and credit card information stored in web browsers. It can also recover FTP usernames and passwords, run commands, download and launch additional malware, and capture screenshots of the active Windows session.

If the victim installs RedLine, it will search Google Chrome, Edge, Mozilla Firefox, Brave and Opera for valuable information and send everything it harvests to its command-and-control servers, where the operators would then sort the data and sell it on the black market.

XLL files are executable, which makes them a potentially dangerous file type in general. Users should be very careful when they receive these files and should make sure they come from a trusted source before running them.

XLL files are rarely sent as e-mail attachments, Bleeping Computer notes, since as a general rule they are installed by another program or by a Windows administrator. Consequently, any such file arriving by e-mail should be treated with exceptional care.

In addition to being attentive to attached files and links in e-mails, users should also protect their endpoints with strong, regularly updated passwords and make sure their systems are running safeguards such as antivirus and firewall software.