Malicious Excel XLL add-ins push RedLine password-stealing malware

Gandalf_The_Grey

Cybercriminals are spamming website contact forms and discussion forums to distribute Excel XLL files that download and install the RedLine password and information-stealing malware.

RedLine is an information-stealing Trojan that steals cookies, user names and passwords, and credit cards stored in web browsers, as well as FTP credentials and files from an infected device.

In addition to stealing data, RedLine can execute commands, download and run further malware, and create screenshots of the active Windows screen.

All of this data is collected and sent back to the attackers to be sold on criminal marketplaces or used for other malicious and fraudulent activity.

Spamming contact forms and discussion forums

Over the past two weeks, BleepingComputer's contact forms have been spammed numerous times with different phishing lures, including fake advertising requests, holiday gift guides, and website promotions.

After researching the lures, BleepingComputer has discovered this to be a widespread campaign targeting many websites using public forums or article comment systems.

In some phishing lures seen by BleepingComputer, the threat actors have created fake websites to host the malicious Excel XLL files used to install the malware.
 
