Microsoft warns of huge email phishing scam - here’s how to stay protected

Yet another reason to avoid opening any Covid-19 related emails in your inbox

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsofthas issued an alert to users concerning a new widespreadCovid-19 themed phishing campaign.

The threat installs the NetSupport Manager remote administration tool to completely take over a user’s system and even execute commands on it remotely.

The Microsoft Security Intelligence team provided further details on this ongoing campaign in aseries of tweetsin which it said that cybercriminals are using malicious Excel attachments to infect user’s devices with a remote access trojan (RAT).

The attack begins with potential victims receiving an email that impersonates the John Hopkins Center. This email claims to provide victims with an update on the number of coronavirus-related deaths in the US. However, attached to the email is an Excel file that displays a chart showing the number of deaths in the US.

When a user opens the Excel file, it then prompts them to ‘Enable Content’ and doing this executes the file’smalicious macroswhich download and install the NetSupport Manager client from a remote site.

Covid-19 phishing

Covid-19 phishing

In atweet, the Microsoft Security Intelligence team explained that all of the different Excel files used in the campaign all connect to the same URL, saying:

“The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload. NetSupport Manager is known for being abused by attackers to gain remote access to and run commands on compromised machines.”

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

While the NetSupport Manager is actually a legitimate remote administration tool, it is commonly distributed among hacking communities who use it as a RAT. Once a user unknowingly installs the NetSupport Manager on their computer, it allows hackers to gain complete control over the infected machine and execute commands on it remotely. The NetSupport Manager RAT is then used to compromise a victim’s computer further by installing additional tools and scrips.

Those who have fallen victim to this phishing campaign should assume that their data has been compromised and that hackers have tried to steal their passwords. Once the infected device has been cleaned, users should change all of their passwords as well as those belonging to other computers on their network.

ViaBleepingComputer

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

7 myths about email security everyone should stop believing