Mimecast discovers rise in LimeRAT malware using read-only Excel spreadsheets

Hackers leverage Excel’s default password to deliver malware to unsuspecting users

Mimecast Threat Center researchers have discovered a rise in LimeRAT malware delivery using Microsoft Excel’s “VelvetSweatshop” default password.

The research team found making an Excel file read-only instead of locking it encrypts the file without needing an externally created password to open it. This tactic makes it easier to trick an unsuspecting victim into opening the file and installing malware. 

Advertisement - Article continues below

This tactic involves hackers hiding malicious code in an Excel file, making the file read-only and then spreading it via a phishing email. The attack then takes advantage of the program’s default password, “VelvetSweatshop.”

For some time, hackers have taken advantage of how Excel’s encryption and decryption processes work to distribute malware, Mimecast explained.

With LimeRAT installed, hackers can deliver ransomware, a cryptominer, a keylogger or create a bot client. Because of its ease of delivery and Microsoft Excel’s popularity, Mimecast researchers expect to see this form of attack used more often. Mimecast Threat Center has notified Microsoft of this campaign. 

Microsoft Office files remain some of the most popular file formats for delivering malware. This popularity has put Microsoft Excel in hackers’ crosshairs, as password-protected Excel files are relatively common and unlikely to raise suspicions. 

In the past, attacks have typically involved hiding malware within an Excel file, encrypting the file using a password and distributing the malware via phishing emails with the password included in the body of the email. 

Advertisement - Article continues below
Advertisement - Article continues below

Due to the popularity of Microsoft Excel spreadsheets and the rise of the “VelvetSweatshop” technique to deliver LimeRAT malware, Mimecast has shared a number of tips to help keep assist organizations and Microsoft Excel safe:

  • Make certain users understand how to scrutinize all received emails, particularly those with file attachments. 
  • Implement an email security system with advanced malware protection capabilities. The system should include static file analysis and sandboxing to filter out malicious emails before they arrive in a user’s inbox.
  • Update your endpoint security system on a continual basis to increase the likelihood of detecting malicious software.
Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now



Nigerian hackers swindle millions of dollars from unemployment systems

22 May 2020

Hackers take on unsuspecting airliners, exposing customer data

22 May 2020

Hackers target game developers with advanced malware

21 May 2020

Security Service of Ukraine arrests infamous hacker Sanix

21 May 2020

Most Popular


The top ten password-cracking techniques used by hackers

5 May 2020

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
cloud computing

Microsoft launches public cloud service for health care

21 May 2020