It seems that almost a day doesn’t go by that we don’t learn of a new COVID-19 related cyber attack. One of the latest ones comes from Microsoft’s Security Intelligence team concerning a new widespread Covid-19 themed phishing campaign. Once again, the attackers are impersonating a trusted entity to lure unsuspecting users into harms way to steal their passwords and other data. While some may become desensitized to the growing number of phishing schemes and other attacks, we see it all adding credence and conviction to our Cybersecurity & Data Privacy investing theme.
The attack begins with potential victims receiving an email that impersonates the John Hopkins Center. This email claims to provide victims with an update on the number of coronavirus-related deaths in the US. However, attached to the email is an Excel file that displays a chart showing the number of deaths in the US.
The threat installs the NetSupport Manager remote administration tool to completely take over a user’s system and even execute commands on it remotely.
The Microsoft Security Intelligence team provided further details on this ongoing campaign in a series of tweets in which it said that cybercriminals are using malicious Excel attachments to infect user’s devices with a remote access trojan (RAT).
- Malicious Android apps use coronavirus to hack user devices
- These malicious websites could put your computer at risk
- Microsoft open-sources its coronavirus threat intelligence
When a user opens the Excel file, it then prompts them to ‘Enable Content’ and doing this executes the file’s malicious macros which download and install the NetSupport Manager client from a remote site.