Skip to main content

Malware gang uses .NET library to generate Excel docs that bypass security checks

posted onSeptember 6, 2020
by l33tdawg
Wikipedia
Credit: Wikipedia

A newly discovered malware gang is using a clever trick to create malicious Excel files that have low detection rates and a higher chance of evading security systems.

Discovered by security researchers from NVISO Labs, this malware gang — which they named Epic Manchego — has been active since June, targeting companies all over the world with phishing emails that carry a malicious Excel document.

But NVISO said these weren't your standard Excel spreadsheets. The malicious Excel files were bypassing security scanners and had low detection rates. According to NVISO, this was because the documents weren't compiled in the standard Microsoft Office software, but with a .NET library called EPPlus. Developers typically use this library part of their applications to add "Export as Excel" or "Save as spreadsheet" functions. The library can be used to generate files in a wide variety of spreadsheet formats, and even supports Excel 2019.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th