Don’t Fall Victim to This Simple Microsoft Excel Macro Hack

Are you confident your devices are free from malicious malware? If not, what does this mean to your ongoing business if you are on the receiving end of a cyberattack? No technology – no business! Microsoft’s Security Intelligence team has warned that it has been tracking a “massive” phishing campaign that attempts to install a remote access tool onto PCs by duping users into opening email attachments containing malicious Excel 4.0 macros. Microsoft’s Security Intelligence team said in a series of tweets, “For several months now, we’ve been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures,” The team said that while the hundreds of unique Excel files in this campaign use “highly obfuscated formulas”, all of them connect to the same URL to download the payload. Don’t fall victim to this Microsoft Excel macro attack allowing cybercriminals to access and control your computers.

Excel Macro Hack

How Macro Malware Works

Cyber attackers often manipulate Microsoft Excel to launch their digital strikes. Two recent findings demonstrate how the program’s own legitimate features can be used against it. While Macros are a powerful way to automate common tasks in Excel, macro malware uses this same functionality to infect your devices. Macros are written in programming language VBA (Virtual Basic for Applications). Typically, macro malware is transmitted through phishing emails containing malicious attachments. The macro virus spreads quickly as users share infected documents. Once an infected macro is executed, it will typically infect every other document on a user’s computer.

Macros Can Hide In Attachments

Macro malware hides in Microsoft Office files and is delivered as email attachments or inside ZIP files. These files use names that are intended to entice or scare people into opening them. They often look like invoices, receipts, legal documents, and more. In updated versions of Microsoft Office, macros are disabled by default to help prevent cyberattacks. This means malware authors must convince users to turn on these macros so that their malware can run.

Malware Can Pretend to be from Legitimate Organizations

These emails come from the Johns Hopkins Center bearing the title “WHO COVID-19 SITUATION REPORT”. If the recipient attempts to open the attached Excel files it will open with a security warning, and show a graph of supposed coronavirus cases in the US. But if allowed to run, the malicious Excel 4.0 macro also downloads and runs NetSupport Manager.

NetSupport Manager is a legitimate remote access tool, and it’s known for being abused by attackers to gain remote access to your device. It connects to a command-and-control (C&C) server, allowing attackers to send further commands.

How to Protect Yourself

To protect yourself again these attacks, you can change macro security settings in the Trust Center unless a system administrator in your organization has changed the default settings to prevent you from changing the settings.

  • Make sure macros are disabled in your Microsoft Office applications.
  • In enterprises, IT admins set the default setting for macros as Enable or Disable macros in Office documents.
  • Don’t open suspicious emails or suspicious attachments.
  • Delete any emails from unknown people or with suspicious content.
  • Enterprises can prevent macro malware from running executable content using ASR rules

If you aren’t sure if you are vulnerable to an Excel Macro attack, you can always ask the experts. Essential Solutions offers proactive IT support and cybersecurity solutions to detect then shore up potential entry portals in your systems and networks long before cybercriminals have the opportunity to penetrate and exploit them. In Baton Rouge, call 225-336-0273, if in New Orleans call 504-533-8323 for your complimentary cybersecurity assessment.