Software giant Microsoft has warned about the new COVID-19 themed phishing campaign which is most talked about today. The recent threat installs the NetSupport Manager, which is a remote administration tool that completely takes over the system of the users and is also able to execute a command. More details were given away by the Microsoft Security Intelligence team about the ongoing campaign through a series of tweets.
The Microsoft Security Intelligence informed that the online hackers are making use of a malicious Excel attachments that infects the devices of the users with the help of remote access Trojan. The attack begins with the users receiving an email that poses as the John Hopkins Centre. When the email is opened, the users read a content that gives an update on the number of coronavirus-related deaths in the United States. The email also has an attached Excel file that displays a chart that shows the number of deaths in the US.
After the user opens the Excel file it prompts the users to Enable Content and by doing this, it is able to execute the malicious macros that get downloaded and also installs the NetSupport Manager client from a remote site. The Microsoft Security Intelligence team through a Tweet has also explained about the different Excel files which are used in the campaign and all of them connect to the same URL.
The surprising thing here is that the NetSupport Manager is a tool used for remote administration and is legitimate. It is a very common tool that is distributed among the hacking communities who use it as RAT. It has to be noticed that people who have already fallen victim to the campaign should consider that their data has been compromised and that the hackers have been able to steal their passwords. This is when the users need to clean their devices completely and change all the passwords.
Photo Credits: CSO