https://blog.avira.com/new-malware-in-old-excel-skins/
blog article
Why worry about making a new malware trick when you can tweak an old Excel spreadsheet to do the job for you? Hackers are now doing just that: they are using new techniques to build their attacks on a feature that is over 25 years old, Excel 4.0 (XLM) macros. Despite its age, this feature is probably still compatible with the more modern Excel variant on your computer.

It's a minority approach, as most malicious documents are based on VBA macros. But the Excel 4.0 approach has the advantage that it is not detected by most antivirus vendors. This technique is used in fileless attacks where there is actually no payload to detect. Instead, it uses a PowerShell command to download the malicious payload into memory and subsequently execute it.

Microsoft is Mr. Nice Guy (and that’s a problem)

The problem is Microsoft's soft approach to backward compatibility. Microsoft stated in “Working with Excel 4.0 macros” that “Although Microsoft Excel still supports Excel 4.0 (XLM) macros, we encourage you to migrate them to the latest version of Microsoft Visual Basic for Applications (VBA)”. They also mention that they still support backward compatibility for this feature: “If you decide you’re not ready to migrate, you can still run Excel 4.0 macros.” They just don’t mention the increasing adoption of this feature for malicious purposes.

As with all security concerns, backward compatibility is a luxury that always comes back to haunt you.
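A defender-side check for the technique described above, as an added example that is not from the Avira article: in the legacy .xls (BIFF8) format every sheet is declared by a BoundSheet record whose type byte marks Excel 4.0 macro sheets, so they can be flagged without opening the file in Excel. It assumes the Workbook stream has already been extracted from the OLE container; the function names and the sample bytes are constructed for illustration.

```python
import struct

BOUNDSHEET = 0x0085   # BIFF8 record describing one sheet of the workbook
EOF = 0x000A          # ends the workbook globals substream
SHEET_TYPES = {0x00: "worksheet", 0x01: "Excel 4.0 macro sheet",
               0x02: "chart", 0x06: "VBA module"}
VISIBILITY = {0: "visible", 1: "hidden", 2: "very hidden"}


def list_sheets(stream: bytes):
    """Walk the BIFF8 records of a Workbook stream and describe every sheet."""
    sheets, pos = [], 0
    while pos + 4 <= len(stream):
        rec_type, size = struct.unpack_from("<HH", stream, pos)
        body = stream[pos + 4:pos + 4 + size]
        pos += 4 + size
        if rec_type == EOF:
            break                      # the sheet list lives before the first EOF
        if rec_type != BOUNDSHEET or len(body) < 8:
            continue
        # Body layout: 4-byte stream offset, state, sheet type, name length, flags
        state, kind, cch, flags = struct.unpack_from("<BBBB", body, 4)
        raw = body[8:8 + cch * (2 if flags & 1 else 1)]
        name = raw.decode("utf-16-le" if flags & 1 else "latin-1", "replace")
        sheets.append({"name": name,
                       "type": SHEET_TYPES.get(kind, hex(kind)),
                       "visibility": VISIBILITY.get(state & 3, "unknown")})
    return sheets


def find_xlm_sheets(stream: bytes):
    """Return only the Excel 4.0 macro sheets; hidden ones deserve a closer look."""
    return [s for s in list_sheets(stream) if s["type"] == "Excel 4.0 macro sheet"]


def _record(rec_type: int, body: bytes) -> bytes:
    return struct.pack("<HH", rec_type, len(body)) + body


def _boundsheet(name: str, kind: int, state: int) -> bytes:
    body = struct.pack("<IBBBB", 0, state, kind, len(name), 0) + name.encode("latin-1")
    return _record(BOUNDSHEET, body)


# Constructed sample: BOF, one normal worksheet, one very hidden macro sheet, EOF.
SAMPLE = (_record(0x0809, bytes(16)) + _boundsheet("Sheet1", 0x00, 0)
          + _boundsheet("Macro1", 0x01, 2) + _record(EOF, b""))
```

Calling `find_xlm_sheets(SAMPLE)` reports the single macro sheet together with its visibility state, which is the triage signal to route the document for deeper analysis.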