According to the researcher from Mimecast:
LimeRAT Malware Exploited in the Wild
Recently, Mimecast threat intelligence researchers came across a campaign which used this Excel VelvetSweatshop encryption technique to deliver LimeRAT, a malicious remote access trojan.
In this specific attack, the cybercriminals also used a blend of other techniques in an attempt to fool anti-malware systems by encrypting the content of the spreadsheet hence hiding the exploit and payload.
Once LimeRAT has landed, the attacker has many capabilities at his or her fingertips, including delivering ransomware, a cryptominer, a keylogger, or creating a bot client.
Of course, given the general capability inherent with this Excel-based malware delivery technique, any type of malware is a good candidate for delivery, so Mimecast researchers expect to see it used in many more malicious phishing campaigns in the future. Mimecast Threat Center has alerted Microsoft to this campaign.
SourceSo be watch out of some Excel coming into your inbox that is password protected. Don't used the the default password "
VelvetSweatshop" to try and unlock it, otherwise your machine are going to be compromise.
