The malware appears to be a variant of the infamous NanoCore trojan. CSV files containing the malware payload circumvent Google filters using Google Sheets as a distribution method. A unique malware that uses Google Sheets has been discovered by well-known cyber security researcher Marco Ramili. The malware is found to be an improved version of the NanoCore RAT detected in 2014. It seems that attackers write malicious code in the cells of CSV files to automatically inject the system with the malware. Ramili who received a spam mail containing this CSV file, mentioned that one of the cells had an executable command. “A series of empty fields preceding a final and fake formula piping a CMD.exe command is spawned. By using the bitsadmin technique the attacker downloads a file called now.exe and stores it into a temporary system folder for later execution,” he said. Google Sheets as a malware vector Earlier, attackers relied on desktop applications such as Microsoft
Red Securium Company Provide Web Services | Web Development | Software Development | Digital Marketing Service | Video Marketing Service | Video Logo Service & SEO Service. www.redsecurium.org Contact Us - +91 120 429 1672