Skip to main content

Posts

Showing posts from April 19, 2020

Hackers Attack Taxpayers Computers Using Netwire RAT via Weaponized Microsoft Excel 4.0

With tax season upon us, Researchers from FortiGuard Labs observed that a new NetWire RAT is spreading in wild using legacy MS Excel 4.0 named “1040 W2 IRS letter.xls” to perform keylogger functions such as capturing screenshots, collecting credentials and so on from victim machines. In the past, Many NetWire RAT  campaigns  primarily target verticals like financial services, businesses, and educational institutions.  It is a multiplatform  RAT  typically delivered via malspam attachments that contain Microsoft Office files with embedded executables. It has emerged in the wild from 2012 onwards with improved remote access features and is commercially available in the dark web. Netwire RAT campaigns  This is the first time, Researchers  observed  NetWire RAT being spread in an Excel file using an Excel 4.0 Macro. Excel 4.0 was introduced in 1992, contained an early version of Macro Excel 4.0 macros (also called XLM macr...