
Cisco Security Team: Hackers Are Using XLL Files to Inject Malicious Code to Attack Excel Users


In July this year, Microsoft began blocking certain macros in Word, Excel and PowerPoint in order to prevent cyber attacks against Microsoft 365. After Microsoft closed these security holes, hackers did not slow the pace of their attacks. Recently, a security company discovered a vulnerability similar to a macro attack on Excel.

In a recently disclosed document, the Cisco Talos Threat Source security team found that malicious actors are attempting to exploit XLL files to target Excel users.

XLL files are dynamic link library files that can only be opened by Excel and are used to add additional functionality to spreadsheets. In the past few years, hackers have been using XLL files to launch attacks, with the most intense attacks in late 2021.

“For a long time, there have been only a few sporadic attacks using XLL files. But the number of attacks only increased significantly in 2021, when malware families such as Dridex and Formbook started using it,” said Vanja Svajcer, outreach researcher at Cisco Talos.

Organizations such as APT10 (also known as Chessmaster, Potassium and menuPass), TA410 (also known as Cicada or Stone Panda), DoNot and FIN7 have been using XLLs to inject malware such as Anel Backdoor in order to steal information through keylogging, password stealing and screenshots.

To keep yourself as safe as possible, Microsoft recommends that you do not open XLL files from untrusted sources and that you use the Office Trust Center to manage plug-in security settings.
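Because XLL files are dynamic link libraries, a mail or download filter can recognize them by content rather than by file name alone. The following triage sketch is an added example, not code from Cisco Talos or Microsoft; the `xlAutoOpen` entry-point name is standard Excel add-in behaviour that the article does not mention, and the sample files are constructed.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag set on DLL images

def pe_characteristics(data: bytes):
    """Return the COFF Characteristics field, or None if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # The 20-byte COFF header follows the signature; Characteristics is at +18.
    (chars,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    return chars

def classify_attachment(name: str, data: bytes) -> str:
    """Triage verdict for one attachment (hypothetical policy labels)."""
    chars = pe_characteristics(data)
    is_dll = chars is not None and bool(chars & IMAGE_FILE_DLL)
    has_xll_ext = name.lower().endswith(".xll")
    # Heuristic: Excel calls the xlAutoOpen export when it loads an add-in.
    # This is a byte search, not a full export-table parse.
    has_entry = b"xlAutoOpen" in data
    if is_dll and (has_xll_ext or has_entry):
        return "block: Excel add-in (XLL)"
    if has_xll_ext:
        return "block: .xll extension, not a valid DLL"
    if is_dll:
        return "review: DLL attachment"
    return "no XLL indicators"

def build_sample_pe(characteristics: int, extra: bytes = b"") -> bytes:
    """Constructed minimal DOS + COFF header, for demonstration only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff + extra

if __name__ == "__main__":
    samples = {  # constructed file names and contents
        "invoice.xll": build_sample_pe(0x2022, b"xlAutoOpen\0"),
        "report.xlsx": build_sample_pe(0x2022, b"xlAutoOpen\0"),  # renamed XLL
        "helper.dll": build_sample_pe(0x2022),
        "readme.txt": b"hello",
    }
    for name, data in samples.items():
        print(f"{name}: {classify_attachment(name, data)}")
```

Checking the content as well as the extension catches an XLL that has been renamed before delivery.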
