BazarBackdoor malware attack launched by hackers via malicious CSV files

Hackers are using CSV text files to spread and install BazarBackdoor malware on targeted systems.

A comma-separated values (CSV) file is a text file containing lines of text with columns of data separated by commas. In many cases, the first line of text is the header, or description, for each column.

Since CSV mostly contains text and is not executable, most of the times they are treated as harmless and safe files. However, Microsoft Excel supports a feature called Dynamic Data Exchange (DDE), which can be used to execute commands whose output is inputted into the open spreadsheet, including CSV files.

Hackers are using this feature to install BazarBackdoor malware developed initially by TrickBot thread actors group. The malware can be used to gain remote access of an internal device and can be used to spread through an entire network.

NPAV recommends users to stop trusting and downloading files from untrusted sources. Even if the file or its extension seems safe, hackers can use these presumptions to gain control over your devices or networks.

Install NPAV on your devices to keep them safe and secure from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.

Sharing is caring!

Leave a Reply

Your email address will not be published. Required fields are marked *