A Method for Bypassing Security Systems With Excel Files Found


A malware group created malicious Excel files with a low detection rate and used them to attack many companies around the world.

The methods that hackers use to break into systems are sometimes surprising, and a newly discovered method has again caused bewilderment. A malware group created malicious Excel files that security systems detect at a significantly low rate.

The malware group, called Epic Manchego and discovered by security researchers at NVISO Lab, actively targets companies around the world with e-mails carrying malicious Excel files. According to the NVISO statement, these are not standard Excel spreadsheets. These malicious Excel files can bypass security scanners.

Harmful Excel files

According to NVISO Lab, the files bypass security scanners because they were created not with standard Microsoft Office software but with a .NET library called EPPlus. This library can be used to create spreadsheets in many formats and even supports Excel 2019. NVISO reported that the Office Open XML (OOXML) spreadsheets created by Epic Manchego do not contain the compiled VBA code that is specific to Excel documents compiled in Microsoft Office software.

This compiled VBA code is typically where an attacker's malicious code is found. NVISO claims that Epic Manchego stores its malicious code in a special VBA format that is encrypted to keep security systems and researchers from analyzing its content. Although a different method is used to create these malicious documents, EPPlus-based spreadsheets work like any Excel document.

The malicious documents contain malicious macros. If the user who opens the Excel file clicks the button that enables macros, these macros download malicious software to the victim's computer. Finally, Trojans such as Azorult, AgentTesla, Formbook, Matiex, and njRat send data taken from users' browsers, emails, and FTP clients to Epic Manchego servers.

Using EPPlus to create malicious Excel files was initially beneficial to Epic Manchego. However, the unusual-looking Excel files also make it possible to track past Epic Manchego operations. NVISO identified more than 200 malicious Excel files associated with the Epic Manchego group. The first of these files was discovered on June 22.

NVISO claims that the group has gained experience with this technique and that, since the first attack, it has increased both its attacks and their complexity. NVISO also noted that these attacks could find wider application in the future.

