Mimecast discovers rise in LimeRAT malware using read-only Excel spreadsheets

Hackers leverage Excel’s default password to deliver malware to unsuspecting users

Mimecast Threat Center researchers have discovered a rise in LimeRAT malware delivery using Microsoft Excel’s “VelvetSweatshop” default password.

The research team found making an Excel file read-only instead of locking it encrypts the file without needing an externally created password to open it. This tactic makes it easier to trick an unsuspecting victim into opening the file and installing malware. 

This tactic involves hackers hiding malicious code in an Excel file, making the file read-only and then spreading it via a phishing email. The attack then takes advantage of the program’s default password, “VelvetSweatshop.”

For some time, hackers have taken advantage of how Excel’s encryption and decryption processes work to distribute malware, Mimecast explained.

With LimeRAT installed, hackers can deliver ransomware, a cryptominer, a keylogger or create a bot client. Because of its ease of delivery and Microsoft Excel’s popularity, Mimecast researchers expect to see this form of attack used more often. Mimecast Threat Center has notified Microsoft of this campaign. 

Microsoft Office files remain some of the most popular file formats for delivering malware. This popularity has put Microsoft Excel in hackers’ crosshairs, as password-protected Excel files are relatively common and unlikely to raise suspicions. 

In the past, attacks have typically involved hiding malware within an Excel file, encrypting the file using a password and distributing the malware via phishing emails with the password included in the body of the email. 

Due to the popularity of Microsoft Excel spreadsheets and the rise of the “VelvetSweatshop” technique to deliver LimeRAT malware, Mimecast has shared a number of tips to help keep assist organizations and Microsoft Excel safe:

  • Make certain users understand how to scrutinize all received emails, particularly those with file attachments. 
  • Implement an email security system with advanced malware protection capabilities. The system should include static file analysis and sandboxing to filter out malicious emails before they arrive in a user’s inbox.
  • Update your endpoint security system on a continual basis to increase the likelihood of detecting malicious software.
Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
The Xbox Series X shows how far the cloud still has to go
Cloud

The Xbox Series X shows how far the cloud still has to go

25 Sep 2020