Microsoft warns users of new Excel malware campaign that is forcing users to fill out a malicious CAPTCHA form.
Microsoft Warns Of New Excel Malware Campaign; Fake CAPTCHA Form.
Microsoft has announced that it has identified a new Excel malware campaign. It uses a “novel” technique to skip traditional antivirus scans and other security solutions installed on the system.
As per Microsoft’s statement, CHIMBORAZO, a cyber-criminal group, is behind the distribution of an infected Excel document. The malware infects the victim’s computer with GraceWire, a password-stealing Trojan.
To make it look legit, the malware asks the user to fill out a CAPTCHA form. CAPTCHA is often used to confirm whether the user is human or not.
However, the hackers in the current campaign conceal the malware behind the CAPTCHA form. This makes it essential for the user to click on it and then download the file manually.
Thus, it becomes easier for the hackers to bypass scans and install the malicious program.
CAPTCHA Form Is Used To Drop Infected Excel File
In a report, Microsoft Security Intelligence said that they have been tracking CHIMBORAZO since January 2020. The ongoing malware campaign is named Dudear.
Also, the team posted a series of tweets in which they said that CHIMBORAZO, the group behind Dudear campaigns, had evolved their methods to evade detection. Further, they also noticed a surge in such campaigns in the last week.
CHIMBORAZO, the group behind Dudear campaigns that deploy the info-stealing Trojan GraceWire, evolved their methods once again in constant pursuit of detection evasion. The group is now using websites with CAPTCHA to avoid automated analysis. pic.twitter.com/Kz3cdwYDd7
— Microsoft Security Intelligence (@MsftSecIntel) June 17, 2020
Recently, the group began actively sending phishing emails to target users. The phishing emails either have links to a malicious website or use iframe code to embed the malicious URL. In both methods, the website shows a CAPTCHA form.
“Solving the CAPTCHA leads to the download of an Excel file with malicious macros. When enabled, the malicious macro downloads the GraceWire (aka FlawedGrace) payload,” said Microsoft Security Intelligence.
The researchers at Microsoft are keeping an eye on the activities of CHIMBORAZO and its evolving methods. Microsoft also mentioned that Microsoft Threat Protection protects against such evasive campaigns.
The group has distributed the infected Excel file using phishing campaigns and embedded web links.
In many scenarios, the phishing emails link out to redirect sites. In some cases, they contain malicious HTML code or attachments.
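Because the landing page sits behind a CAPTCHA, a check that does not depend on fetching the site is to inspect the message itself for the link and iframe patterns described above. The following is an added example, not Microsoft's detection logic and not part of the original article; the sample message, its domains and the names `scan_email` and `UrlCollector` are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the campaign): a linked HTML body plus
# an HTML attachment that frames a remote page.
SAMPLE = """\
From: sender@example.com
To: user@example.org
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<p>See <a href="https://redirect.example/inv">the invoice</a>.</p>
--B1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="invoice.html"

<html><body><iframe src="https://landing.example/x"></iframe></body></html>
--B1--
"""

class UrlCollector(HTMLParser):
    """Records (kind, url) for every <iframe src> and <a href> with an http(s) URL."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = {"iframe": "src", "a": "href"}.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if url and urlparse(url).scheme in ("http", "https"):
            self.found.append(("iframe" if tag == "iframe" else "link", url))

def scan_email(raw):
    """Return (where, kind, url) for each external URL found in HTML parts."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html":
            continue  # skip containers and non-HTML parts
        where = "attachment" if part.get_filename() else "body"
        data = part.get_payload(decode=True) or b""
        html = data.decode(part.get_content_charset() or "utf-8", "replace")
        collector = UrlCollector()
        collector.feed(html)
        findings += [(where, kind, url) for kind, url in collector.found]
    return findings
```

An external iframe inside an email body or HTML attachment is unusual in legitimate mail, so those findings are the ones to send for review first.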
A lesser-used methodology
Although the use of CAPTCHA to evade security measures is not new, it is not common for hackers to use the technique.
But it is now becoming a popular tool for this particular hacking group. Also, there is a possibility that CHIMBORAZO will continue to adapt its methodology of malware delivery in the coming months to increase its infection rate.
With its new malware delivery techniques, it will be possible for them to evade the detection of security programs.
Experts advised users to stay vigilant
Thus, the experts have advised users to avoid clicking on links from unknown sources, as such precautionary measures help avoid phishing scams and reduce the chances of malware delivery.
Also, the researchers at Microsoft are continuously updating the firewalls and security applications to ensure the users stay secure from such attacks.
While a CAPTCHA gives a sense of authenticity to the website and the files we download from it, there is still a chance that the attached Excel file contains the said malware.
So, if you use Excel extensively, it is better to stay vigilant and use the latest versions of antivirus applications with automated updating switched on.
It is very important to enable 2FA on your accounts and use strong passwords. To keep the passwords secure, you should use a reputable password manager tool like Dashlane.