BTC $63442.8276
ETH $3469.7477
BNB $414.4838
SOL $128.8578
XRP $0.6333
ADA $0.7553
DOGE $0.1556
AVAX $42.2817
DOT $9.6926
wstETH $4022.3454
TRX $0.1396
LINK $20.2249
WETH $3455.5461
MATIC $1.0912
UNI $12.3248
WBTC $63402.0644
BCH $454.1971
LTC $89.7149
IMX $3.2697
ICP $13.1197
FIL $10.0810
CAKE $3.2889
ETC $33.3804
LEO $4.7626
ATOM $12.4298
RNDR $7.5236
TON $2.6714
KAS $0.1683
HBAR $0.1120
INJ $39.9268
DAI $0.9998
OKB $57.5556
VET $0.0485
STX $3.0863
FDUSD $0.9998
WEMIX $2.8006
XLM $0.1364
NEAR $4.5218
PEPE $0.0000
XMR $146.1340
LDO $3.3155
GRT $0.3143
ARB $1.9894
THETA $2.3291
TIA $15.9776
ENS $21.4774
CRO $0.1387
BTC $63442.8276
ETH $3469.7477
BNB $414.4838
SOL $128.8578
XRP $0.6333
ADA $0.7553
DOGE $0.1556
AVAX $42.2817
DOT $9.6926
wstETH $4022.3454
TRX $0.1396
LINK $20.2249
WETH $3455.5461
MATIC $1.0912
UNI $12.3248
WBTC $63402.0644
BCH $454.1971
LTC $89.7149
IMX $3.2697
ICP $13.1197
FIL $10.0810
CAKE $3.2889
ETC $33.3804
LEO $4.7626
ATOM $12.4298
RNDR $7.5236
TON $2.6714
KAS $0.1683
HBAR $0.1120
INJ $39.9268
DAI $0.9998
OKB $57.5556
VET $0.0485
STX $3.0863
FDUSD $0.9998
WEMIX $2.8006
XLM $0.1364
NEAR $4.5218
PEPE $0.0000
XMR $146.1340
LDO $3.3155
GRT $0.3143
ARB $1.9894
THETA $2.3291
TIA $15.9776
ENS $21.4774
CRO $0.1387
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Microsoft plans to nip in the bud the spread of malware through Excel add-ins


    A new security option will be added to Microsoft 365 as early as March of this year.

    Microsoft is working on adding XLL add-on protection for Microsoft 365 customers. The standard way is that XLL files downloaded from the Internet will be automatically blocked. Despite the potential inconvenience, this will help to cope with the growing number of malicious campaigns using this method of infection. Already this March, the option is planned to be “deployed” to the majority of existing Microsoft 365 users.

    "To combat the growing number of malware attacks in recent months, we have decided to automatically block XLL add-ons coming from the Internet," says the Redmond corporation.

    Excel XLL add-ins are dynamic link libraries (DLLs) used to extend the functionality of Microsoft Excel. Attackers use them in phishing campaigns to distribute various malicious data. XLLs are delivered to victims' computers as download links or attachments disguised as documents from trusted individuals.

    As soon as the target opens an unsigned XLL file, a warning pops up about "potential security-related content" and that "add-ons may contain viruses or other security risks." You will be prompted to enable the add-in for the current session only.

    If you ignore the Office warning (which they do in most cases) and run the add-in, it will immediately begin deploying the malware payload in the background.

    Since XLL files are executable and can be used by attackers to run malicious code, you should only open them if you are 100% sure that the add-ons are from a trusted source. Also, these files are usually not sent as email attachments, but installed by a Windows administrator. Therefore, if you receive an email or any other message that contains XLL files, you definitely should not download and open them.

    More than a year ago, in the Threat Insights Report Q4 2021, the HP Threat Analyst team reported a “nearly sixfold increase in the number of attackers using Excel add-ins.” Probably, the number of cases of malicious use of add-ons has grown even more since then, since Microsoft went to such measures.

    As Cisco Talos reported in a January report, XLL files are currently being used by both financially motivated attackers and government-backed hacker groups (APT10, FIN7, Donot, TA410).

    Such a policy of interaction with suspicious files for Microsoft is far from new. In July 2022, locks affected Office VBA macros, and in March 2021, XLM macros. Of course, all these restrictions bring a lot of inconvenience to the end user of Office, but all Microsoft's actions, one way or another, are aimed at security.

    Author DeepWeb
    Puma customer data up for sale
    Riot Games Receives Ransom Letter After Recent Hack

    Comments 0

    Add comment