Beware, that Excel document could be infected with dangerous malware


  • A new phishing campaign was recently detected that distributed an Excel file
  • The file places a fileless version of Remcos RAT on the device
  • Remcos can steal sensitive files, registry keys and more

Hackers have been seen distributing a fileless version of the Remcos Remote Access Trojan (RAT), which they then use to steal sensitive information from target devices using hijacked spreadsheet software.

In a technical analysis, Fortinet researchers said they observed threat actors sending phishing emails with the usual purchase order subject. Attached to the email is a Microsoft Excel file, created to exploit a remote code execution vulnerability found in Office (CVE-2017-0199). When enabled, the file will download an HTML application (HTA) file from a remote server and launch it via mshta.exe.

scroll to top