Threat Actors Continue Abusing Microsoft Office Products in Phishing Campaigns

Threat actors continue abusing Microsoft Office products to fool unsuspecting individuals and to inject malware onto victims’ devices. Since December, threat actors have been sending mass phishing attacks with Excel files that deceive victims into downloading Emotet onto their systems. After victims open the Excel file, it prompts them to enable macros which subsequently downloads Emotet and enables other malicious activity. Fortunately, Microsoft has finally disabled Excel 4.0 macros by default, which should help in many instances. However, users may still need to be reminded not to enable macros just because they are prompted to do so. Read more at AhnLab.

Another phishing campaign is exploiting PowerPoint documents to distribute different forms of malware. The malware families that are being deployed are AgentTesla and Warzone. Both are remote access trojans (RATs) that allow adversaries to steal credentials and log keystrokes, among other activities. Members are encouraged to include these types of Microsoft Office themed phishing attempts in security awareness reminders. Read more at BleepingComputer.