Excel XLL Add-ins Are Pushing a Password-stealing Malware

Malicious hackers are distributing Excel XLL files that download and install the RedLine password and information-stealing malware via website contact forms and discussion forums.

What Are XLL Files?

XLL files are Excel macro libraries and are classified as Excel add-ins. They have been superseded by XLAM files in subsequent Excel versions. Both allow users to employ user-defined functions in Microsoft Excel.

XLLs are executable files since they are dynamic link libraries (DLLs). Many people are aware that they should not download every.exe file – but the same is true for XLL files.

These like.exe files are made up of binary code that may perform a number of functions within the appropriate host software.

An XLL file’s host is plainly Microsoft Excel, and all XLL files are immediately connected to Excel. When a user accesses such a file, Excel is launched, which first requests permission to run the relevant add-in – and hence the code it contains.

What Happened?

RedLine is a Trojan that collects cookies, user names and passwords, and credit card information stored in web browsers, as well as FTP credentials and files from an infected system.

RedLine has the ability to execute instructions, download and launch other malware,

Read More: https://heimdalsecurity.com/blog/excel-xll-add-ins-are-pushing-a-password-stealing-malware/