Microsoft Warns of Massive COVID-19 Themed Phishing Campaign That Lets Attackers Gain Remote Access

The Microsoft Security Intelligence team has detailed how the campaign is being used to remotely access systems with malicious Excel files.

Advertisement
By Jagmeet Singh | Updated: 20 May 2020 18:50 IST
Highlights
  • Microsoft Security Intelligence has revealed the campaign through tweets
  • Malicious emails pretend to be from John Hopkins Center
  • Microsoft has provided a sample case to show the scope of the campaign
Microsoft Warns of Massive COVID-19 Themed Phishing Campaign That Lets Attackers Gain Remote Access

Microsoft’s researchers have found NetSupport Manager is being used to gain remote access

Microsoft says a massive COVID-19 themed phishing campaign is underway, as a part of which attackers install the NetSupport Manager remote access tool to gain remote access. The new campaign, which was detected by the Microsoft Security Intelligence team, started on May 12. The malware payload comes through malicious Excel attachments that are being sent by the attackers via emails. Notably, this isn't the first time when cyber-attackers are using COVID-19 as an opportunity to hack people. Companies including Google have already warned about the increase in such phishing attacks.

Through a series of tweets, the Microsoft Security Intelligence team has detailed the ongoing phishing attacks. The team says that the campaign delivers the NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros.

As per the details provided by the Microsoft team, the attack begins with emails that pretend to come from Johns Hopkins Center and show details about the active COVID-19 cases in the US. However, in reality, the emails include Excel files that once open, show a graphical representation of the coronavirus data. However, the files also include malicious Excel 4.0 macros that will prompt users to “Enable Content”. This begins the download and installation process of the NetSupport Manager client from a remote site.

Microsoft's researchers have found that emails pretend to come from John Hopkins Center carry malicious Excel files
Photo Credit: Twitter/ Microsoft Security Intelligence

Advertisement

 

“For several months now, we've been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures,” the team notes in one of its tweets.

Advertisement

Once the remote access tool is installed on a victim's system, the attackers can access and run commands remotely.

In a particular case, the Microsoft team has noticed that the NetSupport Manager was used to drop multiple components, including some executable files and establish connectivity with a C2 server to enable further commands from the attackers.

Advertisement

Pay attention to what you're downloading from emails
Users are recommended to avoid paying attention to random emails and verify email addresses from where they're receiving new emails before downloading the included attachments. Also, it is suggested to immediately change passwords if you find any odd behaviour on your system.


How are we staying sane during this Coronavirus lockdown? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement
Popular Mobile Brands
  1. Realme 15 5G Series Launching Today: All You Need to Know
  2. Itel Super Guru 4G Max Launched in India With Built-In AI Voice Assistant
  3. AppleCare One Announced; Lets You Add Up to 3 Devices Under a Single Plan
  4. OnePlus Pad Lite Launched in India With 11-Inch Display, 9,340mAh Battery
  5. Moto G86 Power India Launch Date Confirmed: Check Features, Colour Options
  6. Pioneer VREC-H320SC Dashcam Review
  7. Google Pixel 10 Lineup Accidentally Leaked via Play Store Banner
  8. Upcoming Redmi Smartphone in India With Battery Could Be the Redmi 15 5G
  9. Redmi to Launch Two New Smartphones in India by July 24
  10. Meta Is Improving Safety for Teen Accounts on Instagram With New Features
  1. Google Pixel 10 Series Reportedly Leaked via Play Store Banner; Official Dimensions Surface
  2. AppleCare One Subscription Announced; Lets You Add Up to 3 Devices Under One Plan
  3. Realme 15 5G Series Launching Today: Know Price in India, Features and Specifications
  4. SpaceX Launches Two O3b mPOWER Satellites, Successfully Lands Falcon 9 Booster at Sea
  5. Astronomers Solve Betelgeuse’s 6-Year Dimming Mystery by Spotting Secret Companion Star
  6. Google I/O Connect India 2025: Eight Indian Startups Showcased Applications Built With Google's AI Models
  7. Microsoft Knew of SharePoint Security Flaw but Failed to Effectively Patch It, Timeline Shows
  8. Meta Announces New Safety Features for Instagram Teen Accounts, Adult-Managed Profiles for Children
  9. Itel Super Guru 4G Max Feature Phone Launched in India With 3-Inch Display, Built-In AI Voice Assistant
  10. Vivo Y400 5G to House a Bigger Battery Than the Pro-Model: Report
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.