This 'particularly dangerous' phishing attack features a weaponized Excel file

A new phishing campaign is targeting employees in financial services using links that download what is described as a ‘weaponized’ Excel document. 

The phishing campaign, dubbed MirrorBlast, was detected by security firm ET Labs in early September. Fellow security firm Morphisec has now analyzed the malware and notes the malicious Excel files could bypass malware-detection systems because it contains “extremely lightweight” embedded macros, making it “particularly dangerous” for organizations that depend on detection-based security and sandboxing. 

ZDNet Recommends

The best cyber insurance

The cyber insurance industry is likely to go mainstream and is a simple cost of doing business. Here are a few options to consider.

Read More

Macros, scripts for automating tasks, have become a popular tool for cyberattackers. While macros are disabled in Excel by default, attackers use social engineering to trick potential victims into enabling macros. 

SEE: This new ransomware encrypts your data and makes some nasty threats, too

Though seemingly a basic technique, macros have been used by state-sponsored hackers because they often work. Microsoft earlier this year expanded its Antimalware Scan Interface (AMSI) for antivirus to address the surge in macro

Read More: