[BEWARE] Microsoft Warns About Huge Coronavirus-related Phishing Attacks

Joanna Estrada
May 25, 2020

Microsoft has issued a warning about a huge phishing campaign about COVID-19 that installs the NetSupport Manager administration tool, takes over the user's system, and then remotely executes commands on the computer. "Users are sent a phishing email with an Excel attachment named "'covid_usa_nyt_8072.xls' which shows statistics on the Covid-19 deaths in the US.

In the phishing campaign that Microsoft described this week, the attacks start with messages pretending to be sent from the Johns Hopkins University, which has been a major source of news about COVID-19, offering daily updates on the number of infections and deaths worldwide.

NetSupport Manager's remote administration tool then lets a hacker hijack the user's system even execute commands on it remotely.

According to the previous post of Microsoft Security Intelligence on Twitter, the massive COVID-19-themed campaign that provides access to the remote access tool NetSupport Manager through emails containing malicious Excel 4.0 macros, is now being investigated. This allows the NetSupport Manager installation file to download onto the victim's device from a remote site controlled by the attackers, Microsoft reports.

"The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload", Microsoft wrote. This tool allows attackers to get remote access to any PC by running commands to take control.

One of these is a fake coronavirus tracker that could infect computers and other devices.

Microsoft has warned users about a persistent email phishing threat that targets users with a morbid, coronavirus-related lure and and a leading medical institution's likeness.

Microsoft said the campaign based on COVID0-19 started on May 12 and it has already come up with several hundreds of unique attachment like that.

Although the security group claimed that there was no overall increase in phishing attacks, Johnson said these scams have changed "to be more COVID-19 related". Reason Security gave the warning to avoid the coronavirus tracker dashboard since some of the COVID-19 maps could contain serious malware called AZORult. This is a big leap to just 1,188 COVID-19-related emails detected in February and 137 in January.

Microsoft Security Intelligence says those kind of attacks using Excel 4.0 macros have been steadily increasing. She also advised users not to click on any questionable links while enabling multi-factor authentication, which is "one way to block the harm during the crises".

Other reports by Click Lancashire

Discuss This Article