Malware using Excel XLAM Excel Macro enabled addins to bypass protections

We have been noticing a change in the malware delivery pattern with Lokibot ( and possibly other malware) over the last few days. Instead of using the more normal Excel file extensions like XLS or XLSX  they have started to use .XLAM extensions. According to Lifewire the XLAM extension is A file with the XLAM file extension is an Excel Macro-Enabled Add-In file that’s used to add new functions to Excel. Similar to other spreadsheet file formats, XLAM files contain cells that are divided into rows and columns that can contain text, formulas, charts, images and more. Now in theory this extension should not … Continue reading →

Article Link: