Microsoft Office Docs New Vessel for Loki Malware [source: darkreading]
by CIRT Team
Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious ‘scriptlets’ to evade detection.
A stealthy new attack distributes Loki malware in Microsoft Excel spreadsheets and other Office applications.
The attack, which was discovered by Lastline Labs, is tough to detect in its early stages. It bypasses traditional antivirus and is often dismissed as a false positive because it relies on malicious “scriptlets” that are added to Office files using external links.
Earlier this month, Lastline published findings on a malicious Excel file with the ability to download and execute malware. The researchers saw no evidence of macros, shellcode, or DDE functionality, and the file had a low detection rate on VirusTotal, which typically indicates either an unknown technique or a false positive.
Less than two weeks later, the scriptlet-laden Excel spreadsheet garnered 12 detections on VirusTotal across 60 AV tools, a sign it went from false positive to potential infection.
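Because the file carries no macros, shellcode, or DDE, the external link itself is the artifact worth inspecting. The sketch below is an added example, not code from Lastline or this article: it lists every relationship in an Office Open XML package marked `TargetMode="External"` and sets aside ordinary hyperlinks. The article does not say which relationship type the sample used, so the hyperlink exclusion, the function names, and the constructed workbook skeleton are assumptions made for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

PKG = "{http://schemas.openxmlformats.org/package/2006/relationships}"
DOC = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
BENIGN_TYPES = {"hyperlink"}  # assumption: ordinary hyperlinks are not triaged

def external_targets(data: bytes):
    """Return (part, type, target) for each external relationship in the package."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for part in pkg.namelist():
            if not part.endswith(".rels"):
                continue
            # Stdlib parser for brevity; use a hardened XML parser on untrusted files.
            root = ET.fromstring(pkg.read(part))
            for rel in root.iter(PKG + "Relationship"):
                if rel.get("TargetMode", "").lower() == "external":
                    kind = rel.get("Type", "").rsplit("/", 1)[-1]
                    found.append((part, kind, rel.get("Target", "")))
    return found

def needs_review(data: bytes):
    """External relationships other than plain hyperlinks, for analyst triage."""
    return [t for t in external_targets(data) if t[1] not in BENIGN_TYPES]

def build_sample() -> bytes:
    """Constructed workbook skeleton: one hyperlink, one external workbook link."""
    def rels(*items):
        body = "".join(
            f'<Relationship Id="rId{i}" Type="{DOC}{t}" Target="{tgt}"{mode}/>'
            for i, (t, tgt, mode) in enumerate(items, 1))
        return ('<?xml version="1.0"?><Relationships xmlns="http://schemas.'
                f'openxmlformats.org/package/2006/relationships">{body}</Relationships>')
    ext = ' TargetMode="External"'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/_rels/workbook.xml.rels",
                   rels(("worksheet", "worksheets/sheet1.xml", "")))
        z.writestr("xl/worksheets/_rels/sheet1.xml.rels",
                   rels(("hyperlink", "https://example.com/", ext)))
        z.writestr("xl/externalLinks/_rels/externalLink1.xml.rels",
                   rels(("externalLinkPath", "https://files.example.invalid/b.xlsx", ext)))
    return buf.getvalue()

if __name__ == "__main__":
    for part, kind, target in needs_review(build_sample()):
        print(f"{part}: {kind} -> {target}")
```

A hit is a lead for an analyst rather than a verdict, since legitimate workbooks also link to external data.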