
Voldemort Malware Exploits Google Sheets for Data Theft

News 09/03/2024 - 15:57 by Lakshmi Narayanan

The Emergence of the Potentially Perilous Voldemort Malware

A malware campaign has exfiltrated critical data from various organizations, undermining secure digital practices and key business processes. The malware, named 'Voldemort', was used to exfiltrate data from Google Sheets, exposing security gaps in the process.

Voldemort: The Malware Menace

The campaign is built on impersonation. Posing as tax agencies in Europe, Asia, and the USA, it has targeted more than 70 organizations across the globe. With many of those organizations falling prey to the threat actors, the Voldemort campaign has been deemed a dangerous act of cyber espionage.

Proofpoint, the cybersecurity research firm, pointed out that the threat actors' conduct in the Voldemort campaign resembles cyber espionage. Because Voldemort is a backdoor, it gives the threat actors a means of exfiltrating data.

Malicious Perpetration

The threat actors redirect targeted users to search-ms URIs, which sets up the data exfiltration. Google AMP Cache URLs are abused to lead victims to the search-ms URIs, and those URIs provide the entry point for the malware. The search-ms URIs use the Saved Search File Format, which gives the threat actors the leverage they need for the intrusion.

The Voldemort malware is written in C at its core. The threat actor presents a Windows Shortcut File (LNK) and tempts the targeted user to launch it. Once the LNK file is launched, PowerShell executes a Python script, which lets the threat actor carry out the breach.
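The two stages described above (a redirect to a search-ms URI, then PowerShell running Python) can be turned into simple triage checks. The sketch below is an added example, not code from the original article or from Proofpoint; the `crumb=location:` parameter comes from Microsoft's documented search-ms syntax rather than from this page, and the hostnames, log tuples and heuristics are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample telemetry (not from the campaign): URLs seen by a mail or
# web gateway, and (parent, child, command line) tuples from endpoint logging.
SAMPLE_URLS = [
    "https://example.com/tax-notice.html",
    "search-ms:query=invoice&crumb=location:%5C%5Cfiles.example.net%5Cshare&displayname=Downloads",
    "search-ms:query=report&crumb=location:C%3A%5CUsers%5Calice%5CDocuments",
]
SAMPLE_PROCS = [
    ("explorer.exe", "notepad.exe", "notepad.exe notes.txt"),
    ("powershell.exe", "python.exe", "python.exe script.py"),
]

def parse_search_ms(uri):
    """Return the search-ms parameters as a dict, or None for other schemes."""
    if not uri.lower().startswith("search-ms:"):
        return None
    params = {}
    for part in uri.split(":", 1)[1].split("&"):
        key, sep, value = part.partition("=")
        if sep:  # split on '&' first, then percent-decode each value
            params.setdefault(key.lower(), []).append(unquote(value))
    return params

def remote_locations(uri):
    """List crumb=location: targets that point off-host (UNC path or URL)."""
    params = parse_search_ms(uri) or {}
    hits = []
    for crumb in params.get("crumb", []):
        if crumb.lower().startswith("location:"):
            target = crumb[len("location:"):]
            if target.startswith("\\\\") or re.match(r"(?i)https?://", target):
                hits.append(target)
    return hits

def powershell_runs_python(parent, child):
    """True when PowerShell is the direct parent of a Python interpreter."""
    return (parent.lower() in ("powershell.exe", "pwsh.exe")
            and re.fullmatch(r"python(w|\d+(\.\d+)?)?\.exe", child.lower()) is not None)

def triage(urls, procs):
    alerts = [("search-ms-remote", u, remote_locations(u)) for u in urls if remote_locations(u)]
    alerts += [("powershell-python", cmd, []) for p, c, cmd in procs if powershell_runs_python(p, c)]
    return alerts

if __name__ == "__main__":
    print(*triage(SAMPLE_URLS, SAMPLE_PROCS), sep="\n")
```

A search-ms URI scoped to a local folder, like the third sample, is left alone; only locations on another host raise an alert.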

By exploiting the standard Google API to redirect communications, the threat actors gained access to the impacted Google Sheets and exfiltrated critical data. The impact of the Voldemort malware underlines the importance of robust cybersecurity practices for thwarting suspicious activity, deception attempts, and traps.

Access control policies and user authorization restrictions help organizations thwart and counter malware threats and ransomware attacks.