Saturday, April 13, 2024

Hackers Bypass Google Filters & Launching CSV Malware via Google Sheets

Cybercriminals are using new sophisticated techniques to spread CSV malware via Google sheets instead of using Microsoft Excel sheet which is often used by malicious hackers.

Cyber attackers are day today increasing and the attackers are always one step ahead to launching sophisticated cyber attackers which is very difficult to detect and mitigate.

Basically .CSV files could be opened in MS Excel when you click on a common .CSV file and interprets cells contents.

In this case, the Attacker embedded the malware dropper within the Google spreadsheet to infect the users and its launching via spam emails.

Spreading the malware via Google Spread Sheet is create more trust among the normal peoples without bothering about who send it but security community never trust it.


Google Sheets spreading .CSV dropper

Google basically implemented the sophisticated gMail and gDrive anti Malware techniques in order to avoid Malware spreading over its amazing technologies by avoiding specific file type (.exe, .dll, .zip, etc etc) over gMail.

But an attacker bypass this Google filter technique and they easily use Google Sheets as a Malware vector. anyhow, Google has been alerted about this issue but it confirmed that it’s actually an “Intended Behaviour”.

According to the researcher, Finally, an attacker could send a clear link over an instant message platform and/or over an email asking to open up a Google Sheets suggesting to the victim to open the spreadsheet locally since “MSExcel compatibility issues”. At that time if the victim downloads the Google sheets and opens up locally (with Microsoft), the attacker might infect her box”

Users need to aware of this kind of serious attacks, avoid to download links if you receive a link to a not working Google Sheets.

IOC:

  • Hashes:
    • 5e561bf9e088f8f2b9c0610fb6f61f6d7655f6a0988a0d304452d8fa73a6a628 (.CSV)
    • cd3d1b4d147a198e1a2b7e3f4370998142bf20cbdfdd3d30cf86d65b5bd40f50 (dropped)

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Website

Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles