FP Trending
May 21, 2020 17:03:56 IST
Microsoft has cautioned its users about a COVID-19-themed phishing attack, in which hackers send malicious Excel attachments to people through emails to get remote access.
“We’re tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros,” Microsoft wrote on Twitter.
The company posted a number of tweets to explain how this campaign is being run.
We’re tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments. pic.twitter.com/kwxOA0pfXH
— Microsoft Security Intelligence (@MsftSecIntel) May 18, 2020
Hackers send emails that pretend to be from Johns Hopkins Center with the subject “WHO COVID-19 SITUATION REPORT”. These emails include Excel files that provide a graphical representation of the coronavirus data. However, in reality, they contain malicious Excel 4.0 macros.
The emails purport to come from Johns Hopkins Center bearing “WHO COVID-19 SITUATION REPORT”. The Excel files open w/ security warning & show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads & runs NetSupport Manager RAT. pic.twitter.com/gXbxZOGpZf
— Microsoft Security Intelligence (@MsftSecIntel) May 18, 2020
“The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload,” said the company.
NetSupport Manager is used by attackers to gain remote access and run commands on compromised machines.
Microsoft said it has observed a steady increase in the use of malicious Excel 4.0 macros over several months. It added that last month these campaigns started approaching people using COVID-19 themes.
For several months now, we’ve been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures.
— Microsoft Security Intelligence (@MsftSecIntel) May 18, 2020
“The NetSupport RAT used in this campaign further drops multiple components, including several .dll, .ini and other .exe files, a VBScript, and an obfuscated PowerSploit-based PowerShell script. It connects to a C2 server, allowing attackers to send further commands,” the OS maker said.
Microsoft in April published its monthly security patch for 113 vulnerabilities across 11 products, including three zero-day bugs.
CVE-2020-1020, one of the three zero-day vulnerabilities, was in the Windows Adobe Type Manager Library and allowed attackers to run code on susceptible systems. The second zero-day bug, CVE-2020-0938, let attackers carry out attacks remotely. The third, CVE-2020-1027, was found in the Windows kernel.