The attacker can select an option to get external data and set up a query to a remote text file.
The text file should be written with tab spaces between words to specify different fields in the spreadsheet.
By right-clicking on the cell and selecting Data Range Properties, the attacker can configure the query to update on open or even regularly (in the background).