A newly reported cybercriminal campaign is using Excel files to deliver a Python-based information stealer. Reports describe it as a notable addition to the tooling used to compromise personal and organisational data, not because the technique is new, but because it chains a legacy Office feature with a scripting runtime that many endpoints already trust.
Researchers explained that the initial foothold in this operation comes from abusing Excel 4.0 (XLM) macros, a legacy feature that Microsoft and many organisations retain for backward compatibility. Because XLM macros can launch external programs and write files, attackers have increasingly turned to them as a way of executing code without a VBA project. Microsoft now disables XLM macros by default in Microsoft 365, but workbooks opened under older or loosened configurations will still run them.
Once the macro runs, it drops and executes a Python script that searches the victim's device for sensitive data, from saved passwords to financial details and personal information. The script's design shows a deliberate effort to evade security detection tools while exfiltrating data quietly.
These Python-laden Excel files join a growing list of Python-based information theft campaigns. Recent investigations, for example, uncovered PyPI packages distributing WhiteSnake Stealer.
The operators of that scheme engineered their packages to target both Windows and Linux systems for data theft and remote command execution. The actor behind the operation, tracked as "WS", focuses on stealing sensitive information, including cryptocurrency wallet credentials.
Last month, a separate report warned of a similar campaign that exploited CVE-2023-36025, a Windows SmartScreen security feature bypass, to distribute a new variant of the Phemedrone Stealer. That malware targets cryptocurrency funds and communication platforms such as Telegram, Steam and Discord, further worsening the threat landscape.
The steady refinement of tooling to slip past defenders is what produced this Python-driven infostealer, and it shows that organisations need to update their proactive measures at a matching pace.
The recommended countermeasures for this campaign include keeping macros disabled by default in Microsoft Office documents (and blocking macros in files downloaded from the internet) and mandating routine security awareness training for all users. These steps are not a complete solution, but they provide a baseline defence against the continuing evolution of adversary tactics.
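For teams that want a concrete check to go with the policy advice, the following script triages an OOXML Excel workbook for the artefacts the technique described above leaves behind: an Excel 4.0 macro sheet under `xl/macrosheets/`, a hidden or veryHidden sheet entry in `xl/workbook.xml`, an `Auto_Open` defined name, and XLM formulas such as `EXEC(` or `CALL(` that launch external programs. It is an added example written for this page, not code from the researchers or from the campaign itself; the sample workbook it builds in memory is constructed and benign (it only references `calc.exe`), and the exact set of "dangerous" XLM functions is an assumption that should be tuned to local policy. Legacy binary `.xls` files are not zip archives and are reported separately; `olevba` from the oletools project handles those.

```python
import html
import io
import re
import zipfile

# Where OOXML stores the interesting parts: Excel 4.0 macro sheets live under
# xl/macrosheets/, VBA projects as xl/vbaProject.bin.
XLM_DIR = "xl/macrosheets/"
VBA_PART = "xl/vbaProject.bin"
SHEET_RE = re.compile(r'<sheet\b[^>]*?\bname="([^"]*)"[^>]*?\bstate="(hidden|veryHidden)"')
AUTO_RE = re.compile(r'<definedName\b[^>]*\bname="(_xlnm\.Auto_(?:Open|Close))"[^>]*>([^<]*)')
FORMULA_RE = re.compile(r"<f>([^<]*)</f>")
# Assumed watch-list: XLM functions commonly used to execute code or touch files.
DANGEROUS_XLM = re.compile(r"\b(EXEC|CALL|REGISTER|RUN|FOPEN|FWRITE|FORMULA)\s*\(", re.I)


def triage_workbook(data: bytes) -> dict:
    """Inspect an OOXML (.xlsm/.xlsx) workbook for XLM macro sheets and VBA.

    Returns a findings dict with a coarse verdict. Legacy binary .xls files are
    not zip archives and come back as 'not-ooxml' (use oletools/olevba for them).
    """
    findings = {
        "macrosheets": [], "vba_project": False, "hidden_sheets": [],
        "auto_open": [], "dangerous_formulas": [], "verdict": "allow",
    }
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings["verdict"] = "not-ooxml"
        return findings
    with zf:
        names = zf.namelist()
        findings["macrosheets"] = sorted(n for n in names if n.startswith(XLM_DIR))
        findings["vba_project"] = VBA_PART in names
        if "xl/workbook.xml" in names:
            wb = zf.read("xl/workbook.xml").decode("utf-8", "replace")
            # Sheets marked hidden/veryHidden are the usual home of XLM macros.
            findings["hidden_sheets"] = [m.groups() for m in SHEET_RE.finditer(wb)]
            # _xlnm.Auto_Open points at the cell Excel runs when the file opens.
            findings["auto_open"] = [(m.group(1), html.unescape(m.group(2)))
                                     for m in AUTO_RE.finditer(wb)]
        for part in findings["macrosheets"]:
            xml = zf.read(part).decode("utf-8", "replace")
            for formula in FORMULA_RE.findall(xml):
                formula = html.unescape(formula)
                if DANGEROUS_XLM.search(formula):
                    findings["dangerous_formulas"].append((part, formula))
    # Any macro sheet or VBA project is enough to quarantine under a
    # macros-disabled-by-default policy; the other fields explain why.
    if findings["macrosheets"] or findings["vba_project"]:
        findings["verdict"] = "block"
    return findings


def build_sample_workbook(with_xlm: bool) -> bytes:
    """Constructed, benign sample: a minimal OOXML archive containing only the
    parts the checker reads. With with_xlm=True it adds a veryHidden Excel 4.0
    macro sheet, an Auto_Open name pointing at it, and an EXEC() formula."""
    sheets = '<sheet name="Sheet1" sheetId="1" r:id="rId1"/>'
    defined = ""
    if with_xlm:
        sheets += '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
        defined = ('<definedNames><definedName name="_xlnm.Auto_Open">'
                   'Macro1!$A$1</definedName></definedNames>')
    workbook_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        f'<sheets>{sheets}</sheets>{defined}</workbook>'
    )
    macro_xml = (
        '<xm:macrosheet xmlns:xm="http://schemas.microsoft.com/office/excel/2006/main">'
        '<sheetData><row r="1"><c r="A1"><f>EXEC("calc.exe")</f></c></row>'
        '<row r="2"><c r="A2"><f>HALT()</f></c></row></sheetData></xm:macrosheet>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as out:
        out.writestr("xl/workbook.xml", workbook_xml)
        out.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        if with_xlm:
            out.writestr("xl/macrosheets/sheet1.xml", macro_xml)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean", build_sample_workbook(False)),
                        ("xlm", build_sample_workbook(True)),
                        ("legacy", b"\xd0\xcf\x11\xe0 not a zip")):
        print(label, triage_workbook(blob))
```

To use it on real files, read the workbook bytes and call `triage_workbook`; a `block` verdict with a veryHidden sheet, an `Auto_Open` name and an `EXEC(` formula is the exact shape of the delivery stage described above, and is worth treating as malicious regardless of what the dropped script turns out to be. The regexes deliberately avoid a full XML parse so the check stays cheap enough for a mail gateway, at the cost of missing exotic attribute quoting.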