Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
released on 2022-12-21 @ 09:03:34 PM
A whole class of code can be introduced as so-called Office add-ins. Add-ins are simply pieces of executable code, in various formats and capabilities, that can be added to Office applications in order to enhance the application’s appearance or functionality. For quite some time, the usage of XLL files is only sporadic and it does not increase significantly until the end of 2021, when commodity malware families such as Dridex and Formbook started using it.