Microsoft delivered a news alert today tipping a “massive” phishing campaign using COVID-19 and Excel files to hook in unsuspecting users. Much like MOST phishing campaigns, users could avoid any harmful nonsense by avoiding downloading attached files or entering personal information prompted by email. This email campaign began on May 12, 2020, and posed as the Johns Hopkins Center to deliver a so-called “WHO COVID-19 SITUATION REPORT.”
The situation reported by Microsoft Security Intelligence was described as a “massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros.” Microsoft Security Intelligence continued, “The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments.”
The user would be tricked into thinking that the Excel file was from a legitimate source. Once the user opened the file, the malicious Excel 4.0 macro downloads and runs a NetSupport Manager RAT. This is particularly devious due to its use of NetSupport Manager, a completely legitimate piece of software that’s SUPPOSED to be used for remote tech support.
This isn’t the first COVID-19-related digital attack here in 2020, and it most certainly won’t be the last. This time of uncertainty and fear for people around the world has resulted in exploitation campaigns of many sorts. Email remains the most common avenue for connecting to unsuspecting future victims of phishing campaigns – that bit wont likely change any time soon.
Another recent COVID-19-related security threat reported by Microsoft included hooks like “personal coronavirus check.” If you happen to get any email that suggests basically anything having to do with COVID-19 or coronavirus that’d have you download a file or enter in ANY information, it’s best to stop what you’re doing and check yourself before you wreck yourself. Now is a PRIME time for email-based tricks, malicious hacking campaigns, and phishing aplenty.