This Excel malware even forces you to fill out a dreaded CAPTCHA form

News
By published

Watch out, spreadsheet enthusiasts - there’s Excel malware afoot

(Image credit: Shutterstock / 200dgr)

Microsoft has identified a new Excel malware campaign that uses a novel technique to bypass traditional antivirus software and other security solutions.

According to the firm, cybercriminal syndicate Chimborazo is distributing a rigged Excel document capable of infecting victims with the password-stealing GraceWire trojan. Before the Excel file is downloaded, however, the victim is asked to fill out a CAPTCHA form, used in legitimate scenarios to establish whether a user is human or not. 

By concealing malware behind a CAPTCHA wall, which in essence requires the user to activate the download manually, hackers are more likely to successfully bypass security systems that scan for automated malware downloads.

Microsoft Excel malware

Microsoft Security Intelligence has reportedly been tracking the work of Chimborazo at least since January, and has dubbed the ongoing Excel malware campaign Dudear.

“CHIMBORAZO, the group behind Dudear campaigns that deploy the info-stealing Trojan GraceWire, evolved their methods once again in constant pursuit of detection evasion,” the team tweeted. “The group is now using websites with CAPTCHA to avoid automated analysis.”

The group has also been seen to distribute the infected Excel file via phishing campaigns and embedded web links. In a number of recent scenarios, phishing emails link out to redirector sites or contain malicious HTML attachments. In all instances, Chimboranza leaned on the CAPTCHA technique to minimize the risk of detection.

While using CAPTCHA to evade security software is not unheard of, neither is it common - and the technique is fast becoming this particular hacking group’s modus operandi.

Chimboranza is expected to continue to adapt its method of malware delivery in the coming months in a bid to maximize infection rates and head off measures put in place by security teams. For this reason, users are advised to exercise caution when downloading unsolicited Excel files - or files of any other type - and to examine CAPTCHA widgets for signs of illegitimacy.

Via Ars Technica

Joel Khalili
Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Latest in Security
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Oracle
Oracle denies data breach after hacker claims to hold six million records
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
Latest in News
Tesla Roadster 2
Tesla is still taking deposits on its long overdue Roadster, despite promising it would arrive in 2020
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
Google Gemini AI
Gmail is adding a new Gemini AI tool to help smarten up your work emails
DJI Mavic 3 Pro
More DJI Mavic 4 Pro leaks seemingly reveal launch date, price and key features of the triple camera drone – here's what to expect
Android 16 logo on a phone
Here's how Android 16 will upgrade the screen unlocking process on your Pixel
Man sitting on sofa, drinking coffee, looking at phone in surprise
Thousands of coffee lovers warned to stop using their espresso machines immediately after reports of burns and lacerations
More about security
Oracle

Oracle denies data breach after hacker claims to hold six million records
IBM office logo

IBM to provide platform for flagship cyber skills programme for girls
Surface Laptop 7

Amazon warns customers about the Surface Laptop – and it’s not just bad news for Microsoft
See more latest
Most Popular
Surface Laptop 7
Amazon warns customers about the Surface Laptop – and it’s not just bad news for Microsoft
vector isometric illustration of a handheld gaming console
SteamOS is about to change handheld gaming PCs as HP finally considers ditching Windows 11
Oracle
Oracle denies data breach after hacker claims to hold six million records
Tesla Roadster 2
Tesla is still taking deposits on its long overdue Roadster, despite promising it would arrive in 2020
DJI Mavic 3 Pro
More DJI Mavic 4 Pro leaks seemingly reveal launch date, price and key features of the triple camera drone – here's what to expect
De'Longhi Linea Classic espresso machine on kitchen counter with hot and cold coffee drinks
I'm a qualified barista, and De'Longhi's latest espresso machine could be this year's best budget buy for coffee lovers
Man sitting on sofa, drinking coffee, looking at phone in surprise
Thousands of coffee lovers warned to stop using their espresso machines immediately after reports of burns and lacerations
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
A Minecraft sheep.
Minecraft developer rejects generative AI, 'it's important that it makes us feel happy to create as humans'
Nvidia AMD
Nvidia rumors suggest it's working on two affordable GPUs to spoil AMD's party