Hackers are striking with malicious Excel files.
Good, great. We don’t have enough to worry about right now, let’s go ahead and slap large-scale phishing campaigns on the pile. Ugh.
Microsoft is currently hot on the trail of a phishing campaign that has been striking email accounts for a couple of weeks now. The bait is an email claiming to be sent from the Johns Hopkins Center for Health Security with the subject line “WHO COVID-19 SITUATION REPORT,” which is obviously something people want to stay tuned in to. The email has a single Microsoft Excel file attached, and if you attempt to open it and ignore the security warning, a stealth macro will download and install NetSupport Manager on your computer. NetSupport Manager is a remote access tool intended to be used only in business settings, but unfortunately, the program does not discriminate based on intent. If the program is installed on your computer, it will give hackers the ability to take direct control of it, which in turn will give them free rein over your files and information.
The emails purport to come from Johns Hopkins Center bearing "WHO COVID-19 SITUATION REPORT". The Excel files open w/ security warning & show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads & runs NetSupport Manager RAT. pic.twitter.com/gXbxZOGpZf
— Microsoft Security Intelligence (@MsftSecIntel) May 18, 2020
According to Microsoft Security Intelligence, a few hundred of these malicious emails have gone out, each with a slightly different Excel file utilizing “highly obfuscated formulas,” in their words. All of these malicious files connect to the same URL to download the payload, however, which has made the tracking process a little easier.
Nevertheless, pandemic-themed hacks and scams have risen in prevalence in the last couple of months because, well, of course they have. Scammers are butts and will use whatever hot-button topic gets people into their clutches. As a reminder, be extremely wary of unsolicited emails. If you receive something that you definitely did not request, do not open it, and do not open any attachments. Block the address that sent it and report it for phishing.