Windows PCs targeted with new malware spread through .xls attachment

Microsoft Office applications are forever a favorite area of attack by cyber-criminals seeking to compromise Windows PCs. Once again this is occurring as fresh malware is being spread through an excel attachment within electronic mails inside macro. A form of action or some actions packed together, a macro can be run any number of times desired.

Evidently according to a warning by Microsoft, end-users require being vigilant of one fresh malware attack pretending to be certain Excel attachment aiming to infect Windows computers. The software giant's team of security experts asserts that there is one complex bundle of infections inside the Excel attachment which helps download the infamous RAT named FlawedAmmyy as well as run it straight away inside memory. The process consumes macro functions for showering assault on Windows computers. Proofpoint states the malevolent attack comes from TA505 name of a group, while FlawedAmmyy has acquired notoriety ever since it targeted companies within the retail and finance sectors. www.zdnet.com posted this, June 24, 2019.

Microsoft warns people receiving an e-mail having Excel attachment to avoid opening it.

For, if opened, the spread sheet even without any user interaction executes one macro function which executes an executable file named msiexec.exe that then pulls down one MSI archive. This last cluster of files has an executable that's digitally signed which's extracted and executed before it decrypts as well as executes another .exe file inside memory.

Executing inside memory aids malicious software bypass detection from AV programs which scrutinizes files that are solely on disk.

One particular file such as wsus.exe is subsequently pulled down and decrypted. It appears as the authorized WSUS (Windows Service Update Service) of Microsoft which's shown as digitally signed dated 19th June after which it decrypts the malicious software inside RAM, thereby planting FlawedAmmyy. www.timesnownews.com posted this, June 26, 2019.

And since the attachment in the attack contains Korean-language characters, it seems the targets are Korean-speaking people operating Windows computers.

However, Microsoft states the Threat Protection of the company safeguards consumers against the attack. Already Microsoft is battling the particular Windows malware while advising end-users that they mustn't enable macros.

» SPAMfighter News - 7/1/2019