While many parts of the world are preparing to slowly reopen after months of lockdown, coronavirus-related scams and malware campaigns show no signs of abating. The Microsoft Security Intelligence Team recently disclosed details on two massive coronavirus phishing campaigns duping users into downloading and opening malicious Excel files that grant hackers remote access to your PC.
Some of the emails claim to be from Johns Hopkins University, while others offer personal COVID-19 testing or similar services. The attached Excel documents have titles like “WHO COVID-19 SITUATION REPORT,” but they are embedded with code that, once the file is opened and the code is allowed to run, stealthily installs the remote desktop access tool NetSupport Manager.
The emails purport to come from Johns Hopkins Center bearing "WHO COVID-19 SITUATION REPORT". The Excel files open w/ security warning & show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads & runs NetSupport Manager RAT. pic.twitter.com/gXbxZOGpZf
— Microsoft Security Intelligence (@MsftSecIntel) May 18, 2020
NetSupport Manager is a legitimate program and is safe to use in normal circumstances, so it can slip past your anti-malware or antivirus software without any trouble. In this case, the attackers use it to take control of your PC and access your files and programs remotely. The installation process also dumps some other nasty malware on your system, which, hopefully, your system would be able to catch.
These aren’t the first NetSupport Manager-based phishing campaigns, and they won’t be the last. Luckily, phishing attempts are preventable and are even easier to dodge once you know what they look like.
As always, don’t open random emails—it’s a smart practice in general, but especially if they claim to be from Johns Hopkins University or some random COVID-19 testing facility. If you do open an email from an unrecognised address, don’t click any links or download files.
And no matter what, never open up a spreadsheet you weren’t expecting to receive.