silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,151
A newly discovered malware gang is using a clever trick to create malicious Excel files that have low detection rates and a higher chance of evading security systems.
Discovered by security researchers from NVISO Labs, this malware gang — which they named Epic Manchego — has been active since June, targeting companies all over the world with phishing emails that carry a malicious Excel document.
But NVISO said these weren't your standard Excel spreadsheets. The malicious Excel files were bypassing security scanners and had low detection rates.
According to NVISO, this was because the documents weren't compiled in the standard Microsoft Office software, but with a .NET library called EPPlus.
Malware gang uses .NET library to generate Excel docs that bypass security checks
They were still Excel documents. Just not your typical Excel files. Enough to trick some security systems, though.
www.zdnet.com
Indicators of compromise and a technical breakdown of the malicious EPPlus-rendered Excel files are available in NVISO Labs' Epic Manchego report.