Microsoft today issued an alert warning users of “massive” phishing campaigns that use COVID-19 and Excel files to spread panic. If you can’t tell whether an email is authentic, avoid downloading or opening its attachments, and don’t rush to submit your personal information. Microsoft said the phishing campaign appeared to have started on May 12, 2020, when malicious actors posing as the Johns Hopkins Center began circulating the so-called WHO COVID-19 Status Report.
Microsoft’s security intelligence service called it a “massive” campaign because the phishing messages contained a file attachment with an Excel 4.0 macro and embedded the remote access tool NetSupport Manager. To date, it has found hundreds of unique samples.
The phishing senders masquerade as legitimate agencies, but once the malicious attachment is opened, the Excel 4.0 macro downloads and runs NetSupport Manager, a remote access tool (RAT) that is itself nominally legitimate software.
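For defenders triaging attachments like these, one useful check is whether a legacy .xls workbook declares an Excel 4.0 macro sheet, and whether that sheet is hidden. The following is an added example, not Microsoft's detection logic or code from the original article; it assumes the BIFF8 `Workbook` stream has already been extracted from the file's OLE container (for instance with the `olefile` library), and the function names and sample bytes are constructed for illustration.

```python
import struct

BOUNDSHEET = 0x0085          # BIFF8 record describing one sheet in the workbook
DT_MACROSHEET = 0x01         # sheet type byte: Excel 4.0 (XLM) macro sheet
VISIBILITY = {0: "visible", 1: "hidden", 2: "very hidden"}

def iter_records(stream):
    """Yield (record_type, payload) from a BIFF8 Workbook stream."""
    pos = 0
    while pos + 4 <= len(stream):
        rtype, size = struct.unpack_from("<HH", stream, pos)
        payload = stream[pos + 4:pos + 4 + size]
        if len(payload) < size:      # truncated record: stop rather than guess
            return
        yield rtype, payload
        pos += 4 + size

def find_macro_sheets(stream):
    """Return [(sheet_name, visibility)] for every Excel 4.0 macro sheet."""
    hits = []
    for rtype, data in iter_records(stream):
        if rtype != BOUNDSHEET or len(data) < 8:
            continue
        state, dtype, cch, flags = data[4] & 0x03, data[5], data[6], data[7]
        if dtype != DT_MACROSHEET:
            continue
        if flags & 0x01:             # fHighByte set: name is UTF-16LE
            name = data[8:8 + 2 * cch].decode("utf-16-le", "replace")
        else:                        # compressed: one byte per character
            name = data[8:8 + cch].decode("latin-1")
        hits.append((name, VISIBILITY.get(state, "unknown")))
    return hits

def rec(rtype, payload):
    """Build one BIFF record (helper used only to construct the sample)."""
    return struct.pack("<HH", rtype, len(payload)) + payload

def boundsheet(name, state, dtype):
    body = struct.pack("<IBBBB", 0, state, dtype, len(name), 0)
    return rec(BOUNDSHEET, body + name.encode("latin-1"))

# Constructed sample stream (not taken from any real attachment):
# BOF, a visible worksheet, a very hidden macro sheet, EOF.
SAMPLE = (rec(0x0809, bytes(16)) + boundsheet("Report", 0, 0x00)
          + boundsheet("Macro1", 2, DT_MACROSHEET) + rec(0x000A, b""))

if __name__ == "__main__":
    for name, vis in find_macro_sheets(SAMPLE):
        print(f"Excel 4.0 macro sheet {name!r} ({vis})")
```

A macro sheet is not proof of malice on its own, but a hidden or very hidden one in an unsolicited attachment is a strong reason to quarantine the file for analysis.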
Of course, this isn’t the first phishing email attack in 2020 to use COVID-19 to spread panic, and it certainly won’t be the last.
Earlier, Microsoft also exposed a number of phishing campaigns carried out under the guise of “personal screening for the novel coronavirus.” If you receive a similar unexplained email, stay vigilant.
Typically, such phishing messages come with strange links or attachments. Ordinary users should simply remember not to click through and submit any personal information, and not to download or open any unknown attachments.