Microsoft's Security Intelligence team has recently issued a warning to users regarding a new COVID-19 related email phishing campaign.
The campaign installs a NetSupport Manager tool to gain control over a user's computer and even run commands on it. The tool can also install extra tools and scripts.
Microsoft has also mentioned that the attackers are using malicious Excel attachments to infect the user's device with a remote access trojan (RAT) virus.
Victims receive an email claiming to be from John Hopkins Center which offers them an update on the number or coronavirus-related deaths in America. But the email consists of an Excel file attachment that consists of a chart showing the number of deaths in the USA. When the victim clicks on the file to open it, it asks them to 'Enable Content', clicking on which downloads the NetSupportManager from a remote site.
“The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload. NetSupport Manager is known for being abused by attackers to gain remote access to and run commands on compromised machines,” explained Microsoft.
The NetSupport Manager is a genuine tool but cybercriminals make use of it to hack into computers and steal data. If users suspect that their device has been attacked, they would immediately have it cleaned and change all of their passwords on their computer as well as others connected via the same network.