Malicious Excel XLL add-ins push RedLine password-stealing malware

Gandalf_The_Grey

Cybercriminals are spamming website contact forms and discussion forums to distribute Excel XLL files that download and install the RedLine password and information-stealing malware.

RedLine is an information-stealing Trojan that steals cookies, user names and passwords, and credit cards stored in web browsers, as well as FTP credentials and files from an infected device.

In addition to stealing data, RedLine can execute commands, download and run further malware, and create screenshots of the active Windows screen.

All of this data is collected and sent back to the attackers to be sold on criminal marketplaces or used for other malicious and fraudulent activity.

Spamming contact forms and discussion forums

Over the past two weeks, BleepingComputer's contact forms have been spammed numerous times with different phishing lures, including fake advertising requests, holiday gift guides, and website promotions.

After researching the lures, BleepingComputer has discovered this to be a widespread campaign targeting many websites using public forums or article comment systems.

In some phishing lures seen by BleepingComputer, the threat actors have created fake websites to host the malicious Excel XLL files used to install the malware.