Wednesday, 09 July 2025

Malicious Excel XLL files push RedLine password-stealing malware

Threat actors are spamming website contact forms and discussion forums to distribute Excel XLL files that download and install the RedLine password and information-stealing malware. RedLine is an information-stealing Trojan that harvests cookies, user names and passwords, and credit cards stored in web browsers, as well as FTP credentials and files from an infected device. In addition, RedLine can execute commands, download and run further malware, and take screenshots of the active Windows screen.

Website contact forms have been spammed numerous times with different phishing lures, including fake advertising requests, holiday gift guides, and website promotions. The threat actors have also created fake websites to host the malicious Excel XLL files used to install the malware.

Source: bleepingcomputer.com

06 December 2021
