Microsoft: "massive" PC hacking campaign used COVID-19, Excel files

By Chris Burns/May 22, 2020 11:13 am EST

Microsoft delivered a news alert today tipping a "massive" phishing campaign using COVID-19 and Excel files to hook in unsuspecting users. Much like MOST phishing campaigns, users could avoid any harmful nonsense by avoiding downloading attached files or entering personal information prompted by email. This email campaign began on May 12, 2020, and posed as the Johns Hopkins Center to deliver a so-called "WHO COVID-19 SITUATION REPORT."

The situation reported by Microsoft Security Intelligence was described as a "massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros." Microsoft Security Intelligence continued, "The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments."

We're tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments. pic.twitter.com/kwxOA0pfXH

— Microsoft Threat Intelligence (@MsftSecIntel) May 18, 2020

The user would be tricked into thinking that the Excel file was from a legitimate source. Once the user opened the file, the malicious Excel 4.0 macro downloads and runs a NetSupport Manager RAT. This is particularly devious due to its use of NetSupport Manager, a completely legitimate piece of software that's SUPPOSED to be used for remote tech support.

This isn't the first COVID-19-related digital attack here in 2020, and it most certainly won't be the last. This time of uncertainty and fear for people around the world has resulted in exploitation campaigns of many sorts. Email remains the most common avenue for connecting to unsuspecting future victims of phishing campaigns – that bit wont likely change any time soon.

Trickbot remains to be one of the most common payloads in COVID-19 themed campaigns. A new Trickbot campaign that launched on May 18 uses emails that claim to offer "personal coronavirus check", an iteration of the "free COVID-19 test" we've seen in previous Trickbot spam runs. pic.twitter.com/pU2MgBNJcE

— Microsoft Threat Intelligence (@MsftSecIntel) May 19, 2020

Another recent COVID-19-related security threat reported by Microsoft included hooks like "personal coronavirus check." If you happen to get any email that suggests basically anything having to do with COVID-19 or coronavirus that'd have you download a file or enter in ANY information, it's best to stop what you're doing and check yourself before you wreck yourself. Now is a PRIME time for email-based tricks, malicious hacking campaigns, and phishing aplenty.