Researchers have discovered a fresh campaign using Excel files to spread LimeRAT malware making use of the hardcoded, VelvetSweatshop default password for encrypted files. The hardcoded password is a well-known issue addressed in 2012 (CVE-2012-0158) that was also presented at Virus Bulletin in 2013. Mimecast said it has notified Microsoft that the vulnerability is once again being used. The new attack however, uses a different tack it sends malicious, encrypted Excel files using read-only mode.
Source: https://threatpost.com/velvetsweatshop-bug-resurrected-limerat/154310/

