SHEETCREEP is a C# remote access trojan (RAT) discovered by Securonix, targeting Indian diplomatic entities using a phishing lure based on a fake UAE-India event. The malware operates without a traditional command-and-control server, utilizing the Google Sheets API to communicate, which complicates detection. It employs sophisticated techniques to hide itself in legitimate system files and avoids detection by monitoring for analysis tools.
As of May 2026, 91 active victim tabs have been identified, including targets and automated sandboxes. Defenders are advised to watch for anomalous activity related to Google Sheets and scheduled tasks.