Microsoft Office Docs New Vessel for Loki Malware [source: darkreading]

by CIRT Team

Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious ‘scriptlets’ to evade detection.

A stealthy new attack distributes Loki malware in Microsoft Excel spreadsheets and other Office applications.

The attack, which was discovered by Lastline Labs, is tough to detect in its early stages. It bypasses traditional antivirus and is often dismissed as a false positive because it relies on malicious “scriptlets” that are added to Office files using external links.

Earlier this month, Lastline published findings on a malicious Excel file with the ability to download and execute malware. They saw no evidence of macros, shellcode, or DDE functionality, and it showed a low detection on Virustotal, which typically indicates it’s either an unknown technique or a false positive.

Less than two weeks later, the malicious Excel scriptlet-laden spreadsheet garnered 12 detections on Virustotal across 60 AV tools, a sign it went from false positive to potential infection.

For more, click here.

CIRT Team

Recommended Posts

Training on cybersecurity awareness for Department of Women Affairs

25 Nov 2023 - Articles, English articles, News, News Clipping, Service

BGD e-GOV CIRT এর আয়োজনে আয়োজনে আর্থিক প্রতিষ্ঠান ও CII সমূহের সাইবার ড্রিল ২০২৩ চূড়ান্ত পর্ব অনুষ্ঠিত

22 Oct 2023 - Articles, Bangla Articles, CIRT In Media, News, News Clipping

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping