Threat alert: New malware attacks from Excel files

Got an Excel attachment in your email? Double-check it before downloading – it could be infected with malware.

In its 2021 Q4 Threat Insights Report, HP’s Wolf Security service detected a dramatic 588% surge in computer and network malware infections involving Excel add-in files that end in .XLL.

Double-clicking these attachments or links opens Excel, which then prompts the user to install and activate the add-in. These particular malware attacks don’t require the user to exit Excel’s Protected View and enable macros.

Prevent Excel malware sneak attacks

The HP Wolf Security report offered three different options for organizations to protect themselves from .XLL malware attacks:

1. Have IT configure your firm’s email gateway to block inbound messages that have .XLL attachments. Some email gateways already do this because .XLL files are dynamic link libraries, a type of file not typically sent by email.
2. Configure Excel to allow only add-ins from trusted publishers. From the File menu, click on Options, then select Trust Center and click on the Trust Center Settings box to the right. Trusted publishers, locations, documents and add-in catalogs are the top options in the Trust Center menu.
3. Configure Excel to disable all proprietary add-ins. This can be done under “Add-Ins” in the Excel Trust Center Settings.