{"id":195835,"date":"2022-06-29T11:13:51","date_gmt":"2022-06-29T09:13:51","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=195835"},"modified":"2025-07-01T20:36:44","modified_gmt":"2025-07-02T03:36:44","slug":"microsoft-excel-macro-malware","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/microsoft-excel-macro-malware\/","title":{"rendered":"Scammers are still able to use Microsoft Excel to push malware"},"content":{"rendered":"\n

Excel macros can help you save time by doing repetitive tasks for you on your spreadsheets. These actions include types of data manipulation you do frequently when compiling reports. Unfortunately, however, malicious actors have also been using Excel macros as vectors for passing on malware. To fight this, earlier this year, Microsoft disabled Excel macros 4.0 by default but it looks like scammers are still able to target Excel users via macros<\/strong>, let\u2019s dig into this a little more.<\/p>\n\n\n

\r\n
\r\n
\r\n
\r\n \"Microsoft\r\n <\/div>\r\n
\r\n Microsoft Excel<\/span>\r\n Download Now<\/a>\r\n <\/div>\r\n
\r\n <\/path><\/path><\/text><\/svg>\r\n <\/div>\r\n <\/div>\r\n
\r\n <\/span>\r\n <\/div>\r\n
\r\n \r\n <\/div>\r\n <\/a>\r\n <\/div>\r\n<\/div>\n\n\n\n

Researchers at cybersecurity specialists Netskope have released a report that outlines how Excel files are still being used for malicious reasons<\/strong>. They stated that they have discovered a lot of dangerous Excel documents that can target users of older and, therefore, unprotected versions of Microsoft Excel<\/strong>.<\/p>\n\n\n\n

The infected macros they discovered are carrying a well-known trojan called Emotet<\/strong>, which is capable of stealing the victim\u2019s information<\/strong> and then dropping further instances of malware <\/strong>onto the device.<\/p>\n\n\n\n

Gustavo Palazolo, the lead researcher at Netskope, who published the report<\/a>, had this to say on the extent of the vulnerability:<\/p>\n\n\n\n

\u201cwe found 776 malicious spreadsheets submitted between June 9, 2022 and June 21, 2022, which abuse Excel 4.0 (XLM) macros to download and execute Emotet\u2019s payload. Most of the files share the same URLs and some metadata. We extracted 18 URLs out of the 776 samples, four of which were online and delivering Emotet.\u201d<\/em><\/p>\n\n\n\n

Basically, this all means that scammers are sending out Excel spreadsheets that are infected with a trojan malware called Emotet that infects devices and networks it finds its way onto. This means that once again, we are talking about a phishing scam<\/a> and the best way to defend against it, as well as ensuring you\u2019re running the latest version of Excel, is to stop it from infecting your device in the first place.<\/p>\n\n\n\n

Phishing scams try to catch you out with fake links. In this particular case, potential victims receive emails containing attachments like payment forms or other types of spreadsheet. This means that to stay alert to this scam you need to know how to spot phishing scams. To learn how to do so, check out our guide to spotting fake email scams<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Excel macros can help you save time by doing repetitive tasks for you on your spreadsheets. These actions include types of data manipulation you do frequently when compiling reports. Unfortunately, however, malicious actors have also been using Excel macros as vectors for passing on malware. To fight this, earlier this year, Microsoft disabled Excel macros … Continue reading “Scammers are still able to use Microsoft Excel to push malware”<\/span><\/a><\/p>\n","protected":false},"author":9073,"featured_media":195838,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[2523],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-195835","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-app-subdomain-redirectionmicrosoft-excel"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/195835","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9073"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=195835"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/195835\/revisions"}],"predecessor-version":[{"id":323605,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/195835\/revisions\/323605"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/195838"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=195835"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=195835"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=195835"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=195835"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=195835"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=195835"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}