Huge email phishing scam – here’s how to stay protected warning from Microsoft

Microsoft has issued an alert to users concerning a new widespread about Covid 19 phishing campaign!

The threat installs the NetSupport Manager remote administration tool to completely take over a user’s system and even execute commands on it remotely.

The Microsoft Security Intelligence team provided further details on this ongoing campaign in a series of tweets in which it said that cybercriminals are using malicious Excel attachments to infect user’s devices with a remote access trojan RAT

By analyzing Android telemetry data, security researchers have observed a huge spike in applications which contain either the worlds ‘covid’ or ‘corona’ and in total, the firm identified 579 apps that contained coronavirus-related keywords in their manifest.

Microsoft’s own security products, such as its Microsoft Defender Advanced Threat Protection(ATP), already provide built-in protection against these and other threats, though the company has published detailed guidance in a blog post titled “Responding to COVID-19 together” in order to help organizations combat them as well.

The attack begins with potential victims receiving an email that impersonates the John Hopkins Center. This email claims to provide victims with an update on the number of coronavirus-related deaths in the US. However, attached to the email is an Excel file that displays a chart showing the number of deaths

When a user opens the Excel file, it then prompts them to ‘Enable Content’ and doing this executes the file’s which download and install the NetSupport Manager client from a remote site.

The Microsoft Security Intelligence team explained that all of the different Excel files used in the campaign all connect to the same URL, saying:

“The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload. NetSupport Manager is known for being abused by attackers to gain remote access to and run commands on compromised machines.”

If you have fallen to this phishing , clean your device , change passwords and also all other computers on the same network !

For more updates and security news reach out our blog post on how to Avoid online scams .