big rise in phishing attacks using Microsoft Excel XLL add-ins (stealth delivery of malware)


Level 37
Thread author
Top poster
Feb 4, 2016
There's been a big rise in phishing attacks using Microsoft Excel XLL add-ins
Cybersecurity researchers warn that multiple forms of malware are being stealthily delivered via Microsoft Excel XLL files.

A wave of cyber attacks are exploiting Microsoft Excel add-in files in order to deliver several forms of malware in campaigns which could leave businesses vulnerable to data theft, ransomware and other cyber crime.

Detailed by researchers at HP Wolf Security, the campaigns use malicious Microsoft Excel add-in (XLL) files to infect systems and there was an almost six-fold increase – a 588% rise – in attacks using this technique during the final quarter of 2021 when compared to the previous three months.

XLL add-in files are popular because they enable users to deploy a wide variety of extra tools and functions in Microsoft Excel. But like macros, they're a tool which can be exploited by cyber criminals.

The attacks are distributed via phishing emails based around payment references, invoices, quotes, shipping documents and orders which come with malicious Excel documents with XLL add-in files. Running the malicious file prompts users to install and activate the add-in - which will secretly run the malware on the victim's machine.