Researchers have spotted new malware hiding behind Microsoft Excel, one of the most popular and trusted platforms for work across the globe.
According to the researchers, “Dudell” is being used by Rancor, a cyberespionage group. This new malware is believed to be spread via Microsoft Excel.
What is Rancor?
Rancor is a well-known threat group in the cyber world, best known for its cyber attacks in Southeast Asia in 2017 and 2018. Active since 2017, Rancor has a reputation for targeting government institutions.
The word “rancor” in the English dictionary means “spiteful or resentful”.
What is the Dudell malware and how does it work?
The cyber threat group, Rancor, was found to be distributing the Dudell malware via Microsoft Excel documents. Here’s how the process works:
• The victim opens the Excel document.
• When “Enable Content” is clicked, the virus begins to operate.
• The running virus then locates and executes specific data under the Company field in the document’s properties.
• The primary functions of the malware are then handled and executed by a unique export trigger called “DllInstall”.
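A triage check for the Company-field technique described in the steps above, as an added example that is not code from the researchers or from the original article. It assumes the workbook is an OOXML package (.xlsx/.xlsm) that keeps the property in docProps/app.xml; the token list, the length threshold and the function names are assumptions, and the sample files are constructed.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Namespace used by docProps/app.xml in OOXML packages (.xlsx/.xlsm).
EP_NS = "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"
# Assumed heuristics (not from the Dudell research): tokens a company name
# should not contain but a stored command line often does.
SUSPICIOUS = re.compile(
    r"\bcmd(\.exe)?\s+/[ck]\b|powershell|msiexec|regsvr32|rundll32|"
    r"https?://|\.(dll|exe|bat|vbs)\b|[|<>^]",
    re.IGNORECASE,
)
MAX_COMPANY_LEN = 100      # assumed length threshold
MAX_PART_SIZE = 1_000_000  # refuse oversized XML parts (zip-bomb guard)


def triage_workbook(data: bytes) -> dict:
    """Report the Company property, macro presence and why it looks odd."""
    company = ""
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = pkg.namelist()
        has_macros = any(n.lower().endswith("vbaproject.bin") for n in names)
        if "docProps/app.xml" in names:
            if pkg.getinfo("docProps/app.xml").file_size <= MAX_PART_SIZE:
                root = ET.fromstring(pkg.read("docProps/app.xml"))
                company = (root.findtext("{%s}Company" % EP_NS) or "").strip()
    reasons = []
    if SUSPICIOUS.search(company):
        reasons.append("command-like tokens in Company")
    if len(company) > MAX_COMPANY_LEN:
        reasons.append("unusually long Company value")
    # A macro project plus an odd Company value is the pairing worth escalating.
    return {"company": company, "has_macros": has_macros,
            "reasons": reasons, "flag": has_macros and bool(reasons)}


def build_sample(company: str, with_macros: bool) -> bytes:
    """Constructed package holding only the parts this check reads."""
    app_xml = ('<Properties xmlns="%s"><Company>%s</Company></Properties>'
               % (EP_NS, escape(company)))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/app.xml", app_xml)
        if with_macros:
            pkg.writestr("xl/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()
```

Legacy .xls files keep the same property in an OLE property stream, so they need a different parser than the one shown here.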
Security experts believe this custom malware is capable of causing significant damage, such as:
• Downloading and uploading files
• Deleting files
• Taking screenshots
• Terminating specific processes
• Executing commands
• Listing folder contents
• Enumerating processes and storage volumes
Dudell discreetly steals vital technical information about the victim, including the IP address, hostname and OS details. This helps distribute the uniquely configured malware to the user’s Microsoft files.
What is the solution?
IOCs (Indicators of Compromise) have been established to identify and protect against the threat posed by Dudell.