Microsoft Security Intelligence has issued a warning about a new type of encryption virus called Avaddon, which uses vulnerabilities in Excel 4.0 macros to spread.
According to Microsoft Security Intelligence, the wave of virus infections began in June, when hackers distributed Avaddon through a spam campaign. After infecting the victim’s computer, the virus uses vulnerabilities in Excel macros to send out copies of itself. At the same time, some signs indicate that the virus is mainly targeted at Italian users.
The virus disguises emails as official notifications from the Italian labor Inspectorate. They warn of possible violations of labor laws during the COVID-19 pandemic. The user is threatened with a fine if they do not open an attached document with malicious code. According to BleepingComputer, the average ransom for decrypting files is $900 in cryptocurrencies.
“Attacks using Excel 4.0 macros can be called outdated, but in recent months they have started to gain popularity. This technique of infection was used in a variety of malicious campaigns, including those that used decoys on the topic of coronavirus, ” Microsoft experts note.
Recall that recently reported an increase in the activity of the virus-extortionist EvilQuest, infecting computers running macOS.