
Mimecast discovers rise in LimeRAT malware using read-only Excel spreadsheets

Hackers leverage Excel’s default password to deliver malware to unsuspecting users

Mimecast Threat Center researchers have discovered a rise in LimeRAT malware delivery using Microsoft Excel’s “VelvetSweatshop” default password.

The research team found that making an Excel file read-only, rather than locking it, encrypts the file without requiring an externally created password to open it. This tactic makes it easier to trick an unsuspecting victim into opening the file and installing malware.

This tactic involves hackers hiding malicious code in an Excel file, making the file read-only and then spreading it via a phishing email. The attack then takes advantage of the program’s default password, “VelvetSweatshop.”

For some time, hackers have taken advantage of how Excel’s encryption and decryption processes work to distribute malware, Mimecast explained.

With LimeRAT installed, hackers can deliver ransomware, a cryptominer, a keylogger or create a bot client. Because of its ease of delivery and Microsoft Excel’s popularity, Mimecast researchers expect to see this form of attack used more often. Mimecast Threat Center has notified Microsoft of this campaign. 

Microsoft Office files remain some of the most popular file formats for delivering malware. This popularity has put Microsoft Excel in hackers’ crosshairs, as password-protected Excel files are relatively common and unlikely to raise suspicions. 

In the past, attacks have typically involved hiding malware within an Excel file, encrypting the file using a password and distributing the malware via phishing emails with the password included in the body of the email. 

Due to the popularity of Microsoft Excel spreadsheets and the rise of the “VelvetSweatshop” technique to deliver LimeRAT malware, Mimecast has shared a number of tips to help keep organizations and Microsoft Excel safe:

  • Make certain users understand how to scrutinize all received emails, particularly those with file attachments. 
  • Implement an email security system with advanced malware protection capabilities. The system should include static file analysis and sandboxing to filter out malicious emails before they arrive in a user’s inbox.
  • Update your endpoint security system on a continual basis to increase the likelihood of detecting malicious software.
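
As an added illustration of the static file analysis tip (this code is not from Mimecast or the article), the sketch below flags attachments that are encrypted Office Open XML packages, so a mail filter knows the content cannot be scanned until it is decrypted, for example by trying the default password the article describes. It assumes the documented layout in which an encrypted .xlsx is an OLE compound file holding `EncryptionInfo` and `EncryptedPackage` streams; legacy .xls encryption is not covered, and all function names and the sample container are constructed for this example.

```python
import struct

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # OLE compound file signature
ENDOFCHAIN, FREESECT = 0xFFFFFFFE, 0xFFFFFFFF

def cfb_entry_names(data: bytes) -> list:
    """List directory entry names of an OLE compound file ([] if not one)."""
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        return []
    shift, = struct.unpack_from("<H", data, 30)   # 9 -> 512-byte sectors, 12 -> 4096
    first_dir, = struct.unpack_from("<I", data, 48)
    if shift not in (9, 12):
        return []
    size = 1 << shift
    def sector(n):
        return data[(n + 1) * size:(n + 2) * size]
    fat = []  # simplification: only the 109 FAT sector numbers held in the header
    for fat_sector in struct.unpack_from("<109I", data, 76):
        if fat_sector < 0xFFFFFFFA:  # skip FREESECT and other reserved markers
            raw = sector(fat_sector)
            fat.extend(struct.unpack_from(f"<{len(raw) // 4}I", raw))
    names, seen, sect = [], set(), first_dir
    while sect < len(fat) and sect not in seen:   # follow directory chain, loop-safe
        seen.add(sect)
        raw = sector(sect)
        for off in range(0, len(raw) - 127, 128):  # 128-byte directory entries
            name_len, entry_type = struct.unpack_from("<HB", raw, off + 64)
            if entry_type and 2 <= name_len <= 64:
                names.append(raw[off:off + name_len - 2].decode("utf-16-le", "replace"))
        sect = fat[sect]
    return names

def is_encrypted_ooxml(data: bytes) -> bool:
    """True when the container holds the two streams of an encrypted OOXML package."""
    return {"EncryptionInfo", "EncryptedPackage"} <= set(cfb_entry_names(data))

def constructed_cfb(stream_names):
    """Constructed sample: minimal v3 container, FAT in sector 0, directory in sector 1."""
    header = CFB_MAGIC + bytes(16) + struct.pack(
        "<HHHHH6x9I", 0x3E, 3, 0xFFFE, 9, 6,
        0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    header += struct.pack("<109I", 0, *[FREESECT] * 108)
    fat = struct.pack("<128I", 0xFFFFFFFD, ENDOFCHAIN, *[FREESECT] * 126)
    directory = b""
    for i, name in enumerate(["Root Entry"] + list(stream_names)):
        raw = name.encode("utf-16-le") + b"\x00\x00"
        directory += raw.ljust(64, b"\x00") + struct.pack("<HB", len(raw), 5 if i == 0 else 2) + bytes(61)
    return header + fat + directory.ljust(512, b"\x00")

if __name__ == "__main__":
    for label, names in [("encrypted", ["EncryptionInfo", "EncryptedPackage"]), ("plain", ["Workbook"])]:
        print(label, is_encrypted_ooxml(constructed_cfb(names)))
```
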