Excel XLL Add-ins Are Pushing a Password-stealing Malware
RedLine Malware Is Able to Steal Cookies, User Names, Passwords, and Other Data Stored in Web Browsers.
Malicious hackers are distributing Excel XLL files that download and install the RedLine password and information-stealing malware via website contact forms and discussion forums.
What Are XLL Files?
XLL files are Excel macro libraries and are classified as Excel add-ins. They have been superseded by XLAM files in subsequent Excel versions. Both allow users to employ user-defined functions in Microsoft Excel.
XLLs are executable files, since they are dynamic link libraries (DLLs). Many people know they should not download and run every .exe file they come across; the same caution applies to XLL files.
Like .exe files, they consist of binary code that can perform any number of actions inside the host application that loads them.
An XLL file’s host is, of course, Microsoft Excel, and XLL files are registered with Excel as their associated application. When a user opens such a file, Excel is launched and first asks permission to run the add-in, and therefore the code it contains.
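A defender’s triage check for the point above, added here as an example and not code from the original article: because an .xll is a PE DLL, a few header bytes show whether a file really is one, and the string xlAutoOpen (the XLL SDK entry point Excel calls when the add-in loads) is used as a cheap heuristic. The sample bytes are constructed for the demo, not taken from any real sample.

```python
import struct

# IMAGE_FILE_DLL flag in the COFF header Characteristics field (PE format).
IMAGE_FILE_DLL = 0x2000
MACHINES = {0x14C: "x86", 0x8664: "x64"}


def inspect_xll(data: bytes) -> dict:
    """Triage an .xll file: it must be a PE DLL for Excel to load it at all.

    Reports which PE markers are present and whether the XLL SDK entry point
    name xlAutoOpen appears anywhere in the file. The string check is a
    heuristic, not a parse of the export table.
    """
    result = {"is_pe": False, "is_dll": False, "machine": None,
              "mentions_xlautoopen": b"xlAutoOpen" in data}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return result
    # e_lfanew at DOS header offset 0x3C points to the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return result
    # COFF header follows the signature: Machine at +4, Characteristics at +22.
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    result.update(is_pe=True,
                  is_dll=bool(characteristics & IMAGE_FILE_DLL),
                  machine=MACHINES.get(machine, hex(machine)))
    return result


def build_sample_xll() -> bytes:
    """Constructed minimal PE-DLL-shaped byte string so the demo runs offline."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header right after DOS header
    # Machine=x64, 1 section, timestamp/symbols zero, optional header size,
    # Characteristics = DLL | EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE.
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0,
                       IMAGE_FILE_DLL | 0x0022)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * 16 + b"xlAutoOpen\0"


if __name__ == "__main__":
    print(inspect_xll(build_sample_xll()))
```

A file that fails the PE or DLL check cannot be a working add-in, while a PE DLL arriving as an .xll from a contact form or forum deserves the same scrutiny as an unsolicited .exe.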
RedLine is a Trojan that collects cookies, user names and passwords, and credit card information stored in web browsers, as well as FTP credentials and files from an infected system.
In addition to stealing data, RedLine can execute commands, download and launch other malware, and take screenshots of the active Windows desktop.
All of this information is collected and sent back to the attackers, to be sold on criminal markets or used for other destructive and fraudulent purposes.
The journalists at BleepingComputer observed that the website’s contact forms had been spammed multiple times in the last two weeks with various phishing lures, such as false advertising requests, Christmas gift suggestions, and website promotions.
After investigating the lures, BleepingComputer determined this to be a broad campaign targeting numerous websites through public forums and article comment systems.
How Can Heimdal™ Help You?
Heimdal™ keeps pace with the latest cybersecurity trends, and so do its products. Our award-winning Threat Prevention Endpoint solution uses machine learning, cybercrime intelligence, and artificial intelligence to help you prevent future threats with 96 % accuracy on your endpoints; it is a very efficient threat-hunting solution that strips the anonymity from malicious URLs, processes, and attackers’ origins.