Microsoft has identified a new Excel (opens in new tab) malware campaign that uses a novel technique to bypass traditional antivirus software (opens in new tab) and other security solutions.
According to the firm, cybercriminal syndicate Chimborazo is distributing a rigged Excel document capable of infecting victims with the password-stealing GraceWire trojan. Before the Excel file is downloaded, however, the victim is asked to fill out a CAPTCHA form, used in legitimate scenarios to establish whether a user is human or not.
By concealing malware behind a CAPTCHA wall, which in essence requires the user to activate the download manually, hackers are more likely to successfully bypass security systems that scan for automated malware downloads.
- These are our picks of the best ransomware protection services (opens in new tab) around
- We've built a list of the best productivity tools (opens in new tab) on the market
- Check out our list of the best business laptops (opens in new tab) out there
Microsoft Excel malware
Microsoft Security Intelligence has reportedly been tracking the work of Chimborazo at least since January, and has dubbed the ongoing Excel malware campaign Dudear.
“CHIMBORAZO, the group behind Dudear campaigns that deploy the info-stealing Trojan GraceWire, evolved their methods once again in constant pursuit of detection evasion,” the team tweeted. “The group is now using websites with CAPTCHA to avoid automated analysis.”
The group has also been seen to distribute the infected Excel file via phishing campaigns and embedded web links. In a number of recent scenarios, phishing emails link out to redirector sites or contain malicious HTML attachments. In all instances, Chimboranza leaned on the CAPTCHA technique to minimize the risk of detection.
While using CAPTCHA to evade security software is not unheard of, neither is it common - and the technique is fast becoming this particular hacking group’s modus operandi.
Chimboranza is expected to continue to adapt its method of malware delivery in the coming months in a bid to maximize infection rates and head off measures put in place by security teams. For this reason, users are advised to exercise caution when downloading unsolicited Excel files - or files of any other type - and to examine CAPTCHA widgets for signs of illegitimacy.
- Check out our list of the best malware removal services (opens in new tab) available
Via Ars Technica (opens in new tab)