Cybercriminals are once again abusing macro-enabled Excel add-in (XLL) files in malware attacks at a vastly increased rate, according to new research.
HP Wolf Security revealed that .xlam files are now the seventh most commonly abused file extension in Q3 2023, rising 35 places from 42nd on the list in Q2.
XLL attacks aren’t new and researchers observed a lull in exploits at the start of 2023, but a surge in attention has been given to them in the past few months.
XLL files offer attackers greater capabilities compared to alternatives like Visual Basic for Applications (VBA) macros, which are now blocked by default courtesy of Microsoft’s 2022 intervention, a move that was seen at the time as long overdue.
