Mimecast discovers rise in LimeRAT malware using read-only Excel spreadsheets

Hackers leverage Excel’s default password to deliver malware to unsuspecting users

Mimecast Threat Center researchers have discovered a rise in LimeRAT malware delivery using Microsoft Excel’s “VelvetSweatshop” default password.

The research team found making an Excel file read-only instead of locking it encrypts the file without needing an externally created password to open it. This tactic makes it easier to trick an unsuspecting victim into opening the file and installing malware. 

This tactic involves hackers hiding malicious code in an Excel file, making the file read-only and then spreading it via a phishing email. The attack then takes advantage of the program’s default password, “VelvetSweatshop.”

For some time, hackers have taken advantage of how Excel’s encryption and decryption processes work to distribute malware, Mimecast explained.

With LimeRAT installed, hackers can deliver ransomware, a cryptominer, a keylogger or create a bot client. Because of its ease of delivery and Microsoft Excel’s popularity, Mimecast researchers expect to see this form of attack used more often. Mimecast Threat Center has notified Microsoft of this campaign. 

Microsoft Office files remain some of the most popular file formats for delivering malware. This popularity has put Microsoft Excel in hackers’ crosshairs, as password-protected Excel files are relatively common and unlikely to raise suspicions. 

In the past, attacks have typically involved hiding malware within an Excel file, encrypting the file using a password and distributing the malware via phishing emails with the password included in the body of the email. 

Due to the popularity of Microsoft Excel spreadsheets and the rise of the “VelvetSweatshop” technique to deliver LimeRAT malware, Mimecast has shared a number of tips to help keep assist organizations and Microsoft Excel safe:

  • Make certain users understand how to scrutinize all received emails, particularly those with file attachments. 
  • Implement an email security system with advanced malware protection capabilities. The system should include static file analysis and sandboxing to filter out malicious emails before they arrive in a user’s inbox.
  • Update your endpoint security system on a continual basis to increase the likelihood of detecting malicious software.
Featured Resources

Next-generation time series: Forecasting for the real world, not the ideal world

Solve time series problems with AI

Free download

The future of productivity

Driving your business forward with Microsoft Office 365

Free download

How to plan for endpoint security against ever-evolving cyber threats

Safeguard your devices, data, and reputation

Free download

A quantitative comparison of UPS monitoring and servicing approaches across edge environments

Effective UPS fleet management

Free download

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Royal Mint to recover gold from smartphones and laptops in world first
Technology

Royal Mint to recover gold from smartphones and laptops in world first

21 Oct 2021