Microsoft: Beware of large-scale phishing campaigns that use COVID-19 and Excel files to spread panic

Microsoft today issued an alert warning users of “massive” phishing campaigns that use COVID-19 and Excel files to spread panic. If you can’t verify the authenticity of an email, avoid downloading or opening its attachments and don’t rush to submit your personal information. Microsoft said the phishing campaign appeared to have started on May 12, 2020, when malicious actors, posing as the Johns Hopkins Center, sent out a so-called WHO COVID-19 Status Report.

Microsoft’s security intelligence service called the activity “massive” because the phishing messages contained a file attachment with an Excel 4.0 macro and embedded the remote access tool NetSupport Manager. To date, it has found hundreds of unique samples.

The senders of the phishing mail masquerade as legitimate agencies, but once the malicious attachment is opened, the Excel 4.0 macro downloads and runs NetSupport Manager, a remote access tool (RAT) that is itself, in principle, legitimate software.
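
A defender-side triage check for the attachment type described above, as an added example that is not from Microsoft's alert or the original article: it flags Excel 4.0 macro sheets inside OOXML workbooks (.xlsx/.xlsm). Legacy .xls files use a different container and are out of scope here; the function names and the sample workbook are constructed for illustration.

```python
import io
import re
import zipfile

# Content types OOXML uses for Excel 4.0 (XLM) macro sheets.
XLM_TYPES = ("application/vnd.ms-excel.macrosheet+xml",
             "application/vnd.ms-excel.intlmacrosheet+xml")

def triage_workbook(data: bytes) -> dict:
    """Report Excel 4.0 macro-sheet indicators in an OOXML workbook."""
    r = {"ooxml": False, "macro_sheets": [], "xlm_content_type": False,
         "hidden_sheets": [], "suspicious": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return r  # not a zip: legacy .xls (OLE) or another format, out of scope
    with zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return r
        r["ooxml"] = True
        # Macro sheet parts live under xl/macrosheets/ (skip relationship files).
        r["macro_sheets"] = sorted(
            n for n in names
            if n.lower().startswith("xl/macrosheets/") and "/_rels/" not in n
            and not n.endswith("/"))
        ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        r["xlm_content_type"] = any(t in ctypes for t in XLM_TYPES)
        if "xl/workbook.xml" in names:
            wb = zf.read("xl/workbook.xml").decode("utf-8", "replace")
            # Hidden sheets are not malicious on their own but are worth reporting.
            for tag in re.findall(r"<(?:\w+:)?sheet\b[^>]*>", wb):
                name = re.search(r'\bname="([^"]*)"', tag)
                state = re.search(r'\bstate="(hidden|veryHidden)"', tag)
                if name and state:
                    r["hidden_sheets"].append((name.group(1), state.group(1)))
    r["suspicious"] = bool(r["macro_sheets"]) or r["xlm_content_type"]
    return r

def build_sample(with_macro_sheet: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a campaign file."""
    ct = ('<Override PartName="/xl/macrosheets/sheet1.xml" '
          f'ContentType="{XLM_TYPES[0]}"/>') if with_macro_sheet else ""
    state = ' state="veryHidden"' if with_macro_sheet else ""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", f"<Types>{ct}</Types>")
        zf.writestr("xl/workbook.xml", f'<sheets><sheet name="Report"{state}/></sheets>')
        if with_macro_sheet:
            zf.writestr("xl/macrosheets/sheet1.xml", "<macrosheet/>")
    return buf.getvalue()
```

A mail gateway or sandbox hook could call `triage_workbook` on each spreadsheet attachment and quarantine anything where `suspicious` is true.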

Of course, this isn’t the first time in 2020 that we’ve seen a phishing email attack use COVID-19 to spread panic, and it certainly won’t be the last.

Earlier, Microsoft also exposed a number of phishing activities carried out under the guise of “personal screening of the new corona virus.” If you happen to receive a similar inexplicable email, stay vigilant.

Typically, such phishing messages are accompanied by strange links or attachments. Ordinary users should simply remember not to click through and submit any personal information, and not to download or open any unknown attachments.