Cybersecurity

Malicious Excel File Drops Python Info-stealer | Cyware Hacker News

A recent analysis by Fortinet’s FortiGuard Labs has unveiled a sophisticated Python-based info-stealer distributed through a malicious Excel document. The attack exemplifies the innovative techniques cybercriminals employ to breach personal and organizational data.

Diving into Details

  • At the core of this campaign is the use of Excel 4.0 macros, a legacy feature that remains supported for compatibility reasons but has been increasingly exploited by attackers due to its powerful automation capabilities.
  • Upon activation, these macros download and execute a Python script that scans the victim’s device for sensitive information, including but not limited to passwords, financial details, and personal data. 
  • This script showcases a high level of sophistication, with mechanisms in place to avoid detection and ensure the stealthy exfiltration of data.

Beware of these info-stealers

  • Recently, malicious PyPI packages were found delivering WhiteSnake Stealer, targeting Windows and Linux systems to steal information and execute commands.
  • The threat actor “WS” was behind the campaign, aiming to exfiltrate sensitive data, including crypto wallet information, from target machines.
  • In January, Trend Micro spotted a campaign abusing the CVE-2023-36035 in Windows SmartScreen to spread a new strain of the Phemedrone Stealer
  • The malware targets cryptocurrency wallets and messaging apps, including Telegram, Steam, and Discord.

The bottom line

The discovery of this Python-based info-stealer highlights the perpetual cat-and-mouse game between cybercriminals and cybersecurity defenders. Mitigations against such threats include disabling macros in Microsoft Office documents by default and conducting regular security awareness training for all users. These steps, while not exhaustive, provide a foundational layer of defense against the ever-evolving tactics of cyber adversaries.