A recent analysis by Fortinet's FortiGuard Labs has unveiled a sophisticated Python-based info-stealer distributed through a malicious Excel document. The attack exemplifies the innovative techniques cybercriminals employ to breach personal and organizational data.

Diving into Details

  • At the core of this campaign is the use of Excel 4.0 macros, a legacy feature that remains supported for compatibility reasons but has been increasingly exploited by attackers due to its powerful automation capabilities.
  • Upon activation, these macros download and execute a Python script that scans the victim's device for sensitive information, including but not limited to passwords, financial details, and personal data. 
  • This script showcases a high level of sophistication, with mechanisms in place to avoid detection and ensure the stealthy exfiltration of data.
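The chain above starts with an Excel 4.0 (XLM) macro sheet, so one defensive check is to look for such sheets before a workbook ever reaches a user. The script below is an added illustration, not code from FortiGuard Labs or from the campaign; it assumes the Office Open XML container (.xlsx/.xlsm), where a macro sheet is declared with the content type `application/vnd.ms-excel.macrosheet+xml` under `xl/macrosheets/`, and it flags sheets marked hidden or veryHidden, the usual way such a sheet is kept out of sight. Legacy BIFF (.xls) files are not covered. The sample workbooks it scans are constructed in memory for the demonstration.

```python
"""Heuristic scan of an Office Open XML workbook for Excel 4.0 macro sheets.

Added example (not the vendor's analysis code). Assumes OOXML packaging;
legacy .xls (BIFF) workbooks are not parsed here.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

# Content types that OOXML assigns to Excel 4.0 (XLM) macro sheet parts.
XLM_CONTENT_TYPES = {
    "application/vnd.ms-excel.macrosheet+xml",
    "application/vnd.ms-excel.intlmacrosheet+xml",
}
CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
MAIN_NS = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"


def scan_workbook(data: bytes) -> dict:
    """Return indicators found in a workbook supplied as raw bytes.

    Checks three things: parts declared as XLM macro sheets in
    [Content_Types].xml, sheets flagged hidden/veryHidden in workbook.xml,
    and the presence of a VBA project part.
    """
    result = {"macrosheets": [], "hidden_sheets": [], "has_vba": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if "[Content_Types].xml" in names:
            root = ET.fromstring(zf.read("[Content_Types].xml"))
            for override in root.iter(CT_NS + "Override"):
                if override.get("ContentType") in XLM_CONTENT_TYPES:
                    result["macrosheets"].append(override.get("PartName"))
        # Fallback on the part path in case the content-type table was edited.
        for name in names:
            if name.startswith("xl/macrosheets/") and "/" + name not in result["macrosheets"]:
                result["macrosheets"].append("/" + name)
        if "xl/workbook.xml" in names:
            workbook = ET.fromstring(zf.read("xl/workbook.xml"))
            for sheet in workbook.iter(MAIN_NS + "sheet"):
                if sheet.get("state") in ("hidden", "veryHidden"):
                    result["hidden_sheets"].append(sheet.get("name"))
        result["has_vba"] = "xl/vbaProject.bin" in names
    # Any XLM sheet is worth a look; a hidden one is the classic delivery shape.
    result["suspicious"] = bool(result["macrosheets"])
    return result


def build_sample_workbook(with_macrosheet: bool, hidden: bool = True) -> bytes:
    """Construct a minimal in-memory workbook (constructed test data only)."""
    sheets = '<sheet name="Sheet1" sheetId="1" r:id="rId1"/>'
    overrides = ('<Override PartName="/xl/worksheets/sheet1.xml" '
                 'ContentType="application/vnd.openxmlformats-officedocument.'
                 'spreadsheetml.worksheet+xml"/>')
    parts = {"xl/worksheets/sheet1.xml": "<worksheet/>"}
    if with_macrosheet:
        state = ' state="veryHidden"' if hidden else ""
        sheets += f'<sheet name="Macro1" sheetId="2"{state} r:id="rId2"/>'
        overrides += ('<Override PartName="/xl/macrosheets/sheet1.xml" '
                      'ContentType="application/vnd.ms-excel.macrosheet+xml"/>')
        parts["xl/macrosheets/sheet1.xml"] = "<macrosheet/>"
    workbook_xml = (
        f'<workbook xmlns="{MAIN_NS[1:-1]}" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        f'<sheets>{sheets}</sheets></workbook>'
    )
    content_types = f'<Types xmlns="{CT_NS[1:-1]}">{overrides}</Types>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("xl/workbook.xml", workbook_xml)
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean", build_sample_workbook(False)),
                        ("xlm-hidden", build_sample_workbook(True))):
        print(label, scan_workbook(blob))
```

Run it against a quarantined attachment with `scan_workbook(open(path, "rb").read())`; a non-empty `macrosheets` list together with a `veryHidden` sheet is a strong signal to hold the file for analysis rather than deliver it.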

Beware of these info-stealers

  • Recently, malicious PyPI packages were found delivering WhiteSnake Stealer, targeting Windows and Linux systems to steal information and execute commands.
  • The threat actor "WS" was behind the campaign, aiming to exfiltrate sensitive data, including crypto wallet information, from target machines.
  • In January, Trend Micro spotted a campaign abusing CVE-2023-36035 in Windows SmartScreen to spread a new strain of the Phemedrone Stealer.
  • The malware targets cryptocurrency wallets and messaging apps, including Telegram, Steam, and Discord.

The bottom line

The discovery of this Python-based info-stealer highlights the perpetual cat-and-mouse game between cybercriminals and cybersecurity defenders. Mitigations against such threats include disabling macros in Microsoft Office documents by default and conducting regular security awareness training for all users. These steps, while not exhaustive, provide a foundational layer of defense against the ever-evolving tactics of cyber adversaries.
Cyware Publisher