Microsoft Warns of Massive COVID-19 Themed Phishing Campaign That Lets Attackers Gain Remote Access

The Microsoft Security Intelligence team has detailed how the campaign is being used to remotely access systems with malicious Excel files.

Advertisement
By Jagmeet Singh | Updated: 20 May 2020 18:50 IST
Highlights
  • Microsoft Security Intelligence has revealed the campaign through tweets
  • Malicious emails pretend to be from John Hopkins Center
  • Microsoft has provided a sample case to show the scope of the campaign

Microsoft’s researchers have found NetSupport Manager is being used to gain remote access

Microsoft says a massive COVID-19 themed phishing campaign is underway, as a part of which attackers install the NetSupport Manager remote access tool to gain remote access. The new campaign, which was detected by the Microsoft Security Intelligence team, started on May 12. The malware payload comes through malicious Excel attachments that are being sent by the attackers via emails. Notably, this isn't the first time when cyber-attackers are using COVID-19 as an opportunity to hack people. Companies including Google have already warned about the increase in such phishing attacks.

Through a series of tweets, the Microsoft Security Intelligence team has detailed the ongoing phishing attacks. The team says that the campaign delivers the NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros.

As per the details provided by the Microsoft team, the attack begins with emails that pretend to come from Johns Hopkins Center and show details about the active COVID-19 cases in the US. However, in reality, the emails include Excel files that once open, show a graphical representation of the coronavirus data. However, the files also include malicious Excel 4.0 macros that will prompt users to “Enable Content”. This begins the download and installation process of the NetSupport Manager client from a remote site.

Advertisement

Microsoft's researchers have found that emails pretend to come from John Hopkins Center carry malicious Excel files
Photo Credit: Twitter/ Microsoft Security Intelligence

Advertisement

 

“For several months now, we've been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures,” the team notes in one of its tweets.

Advertisement

Once the remote access tool is installed on a victim's system, the attackers can access and run commands remotely.

In a particular case, the Microsoft team has noticed that the NetSupport Manager was used to drop multiple components, including some executable files and establish connectivity with a C2 server to enable further commands from the attackers.

Advertisement

Pay attention to what you're downloading from emails
Users are recommended to avoid paying attention to random emails and verify email addresses from where they're receiving new emails before downloading the included attachments. Also, it is suggested to immediately change passwords if you find any odd behaviour on your system.

How are we staying sane during this Coronavirus lockdown? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.

 
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Microsoft Security Intelligence, Microsoft, COVID 19 phishing attacks, coronavirus, COVID 19, phishing attacks
Unannounced OnePlus TV, Remote Spotted on Bluetooth SIG Site
WhatsApp, Facebook Messenger Users Targeted by WolfRAT Android Malware: Cisco Researchers
Advertisement
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Realme P4 Power 5G Launch Today: Know Price in India, Specs and More
  2. Adobe Express Premium Is Now Free for One Year for All Airtel Users
  3. Redmi Note 15 Pro Series Launch Today: Know Price in India, Specs and More
  4. Redmi Note 15 Pro Series Will Launch in These Colourways, Storage Options
  5. The iPhone 18 Pro May Support This Feature Found on Flagship Android Phones
  6. Samsung Galaxy S26 Ultra Could Cost Less than Its Predecessor
  7. BSNL Launches Bharat Connect Prepaid; Slashes BSNL Superstar Premium Price
  8. Vivo Y31d Launched in Select Markets as a 4G-Only Handset
  9. Clawdbot (Now Moltbot) Explained: What is It and Why is It Going Viral?
  10. Samsung Galaxy A07 5G India Launch Timeline, Key Features Announced
#Latest Stories
  1. Samsung Galaxy S26 Series Spotted in Leaked Case Renders; Samsung Tipped to Launch 25W Qi2 Magnetic Wireless Charger
  2. Samsung Galaxy A07 5G India Launch Timeline Confirmed; Key Features Including 50-Megapixel Camera Confirmed 
  3. Samsung Galaxy A37 Spotted With Flat Display and New Frame Design in Leaked Renders
  4. Apple's iPhone 18 Pro Models Tipped to Offer Support for Telephoto Extender Kit, Variable Aperture Lens
  5. Vivo Y31d Launched With Snapdragon 6s 4G Gen 2 Chipset and 7,200mAh Battery
  6. Adobe Express Premium Is Now Free for One Year for All Airtel Users
  7. Samsung Galaxy S26 Ultra Tipped to Cost Less Than Predecessor; Galaxy S26, Galaxy S26+ Price Hike Unlikely
  8. Realme P4 Power 5G Launching Today: Know Price in India, Features, Specifications and More
  9. Redmi Note 15 Pro 5G, Redmi Note 15 Pro+ 5G Launching Today: Know Price in India, Features, Specifications and More
  10. Amazon Axes 16,000 Jobs as It Pushes AI and Efficiency
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.