Mimecast discovers rise in LimeRAT malware using read-only Excel spreadsheets

Hackers leverage Excel’s default password to deliver malware to unsuspecting users

Mimecast Threat Center researchers have discovered a rise in LimeRAT malware delivery using Microsoft Excel’s “VelvetSweatshop” default password.

The research team found that making an Excel file read-only, rather than locking it, encrypts the file without requiring an externally created password to open it. This tactic makes it easier to trick an unsuspecting victim into opening the file and installing malware.

This tactic involves hackers hiding malicious code in an Excel file, making the file read-only and then spreading it via a phishing email. The attack then takes advantage of the program’s default password, “VelvetSweatshop.”

For some time, hackers have taken advantage of how Excel’s encryption and decryption processes work to distribute malware, Mimecast explained.

With LimeRAT installed, hackers can deliver ransomware, a cryptominer, a keylogger or create a bot client. Because of its ease of delivery and Microsoft Excel’s popularity, Mimecast researchers expect to see this form of attack used more often. Mimecast Threat Center has notified Microsoft of this campaign. 

Microsoft Office files remain some of the most popular file formats for delivering malware. This popularity has put Microsoft Excel in hackers’ crosshairs, as password-protected Excel files are relatively common and unlikely to raise suspicions. 

In the past, attacks have typically involved hiding malware within an Excel file, encrypting the file using a password and distributing the malware via phishing emails with the password included in the body of the email. 

Due to the popularity of Microsoft Excel spreadsheets and the rise of the “VelvetSweatshop” technique to deliver LimeRAT malware, Mimecast has shared a number of tips to help keep organizations and Microsoft Excel safe:

  • Make certain users understand how to scrutinize all received emails, particularly those with file attachments. 
  • Implement an email security system with advanced malware protection capabilities. The system should include static file analysis and sandboxing to filter out malicious emails before they arrive in a user’s inbox.
  • Update your endpoint security system on a continual basis to increase the likelihood of detecting malicious software.
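
As an added illustration of the static file analysis step (this is not code from Mimecast or from the original article), the sketch below flags encrypted OOXML workbooks, which are stored as an OLE compound file containing `EncryptionInfo` and `EncryptedPackage` streams, so that an encrypted attachment arriving with no password in the message can be routed to a sandbox. The function names and the sample builder are hypothetical, and the sample is constructed test input. Legacy `.xls` encryption is recorded differently and is not covered.

```python
import struct

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF

def cfb_entry_names(data):
    """Return directory entry names of an OLE compound file, or None if not one."""
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        return None
    shift, = struct.unpack_from("<H", data, 30)    # sector size as a power of two
    if shift not in (9, 12):
        return None
    size = 1 << shift
    sector = lambda n: data[(n + 1) * size:(n + 2) * size]
    # FAT sectors listed in the header DIFAT (covers about 6.8 MB at 512-byte sectors).
    fat = []
    for s in struct.unpack_from("<109I", data, 76):
        if s < FATSECT:
            fat.extend(v for (v,) in struct.iter_unpack("<I", sector(s).ljust(size, b"\xff")))
    names, seen = [], set()
    sec, = struct.unpack_from("<I", data, 48)      # first directory sector
    while sec < len(fat) and sec not in seen:      # follow the chain, refuse loops
        seen.add(sec)
        block = sector(sec)
        for off in range(0, len(block) - 127, 128):
            entry = block[off:off + 128]
            name_len, kind = struct.unpack_from("<HB", entry, 64)
            if kind and 2 <= name_len <= 64:       # kind 0 marks an unused slot
                names.append(entry[:name_len - 2].decode("utf-16-le", "replace"))
        sec = fat[sec]
    return names

def is_encrypted_ooxml(data):
    """True when the container holds the two streams of an encrypted OOXML file."""
    names = cfb_entry_names(data)
    return names is not None and {"EncryptionInfo", "EncryptedPackage"} <= set(names)

def build_sample(stream_names):
    """Constructed test input: minimal CFB with empty streams (at most 3 names)."""
    hdr = struct.pack("<8s16s5H6s9I", CFB_MAGIC, b"", 0x3E, 3, 0xFFFE, 9, 6, b"",
                      0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    hdr += struct.pack("<109I", 0, *[FREESECT] * 108)
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *[FREESECT] * 126)
    entries = b""
    for kind, name in [(5, "Root Entry")] + [(2, n) for n in stream_names]:
        raw = (name + "\0").encode("utf-16-le")
        entries += raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), kind) + bytes(61)
    return hdr + fat + entries.ljust(512, b"\0")
```

An unencrypted `.xlsx` is a plain ZIP archive, so `cfb_entry_names` returns `None` for it and the file is not flagged.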