Microsoft warns about new Excel malware used for phishing attack

Yolanda Curtis
May 25, 2020

Microsoft has issued a warning about a huge phishing campaign about COVID-19 that installs the NetSupport Manager administration tool, takes over the user's system, and then remotely executes commands on the computer. Attached to the email is an Excel file that displays a chart showing the number of deaths in the United States, which then prompts users to "Enable Content".

The emails is claimed to be sent from Johns Hopkins Center and comes with the title "WHO COVID-19 SITUATION REPORT". The campaign involves luring users into downloading NetSupport Manager, a remote administration tool which is commonly used by hackers to gain control of users' devices.

Once this action is carried out by an unsuspecting victim, the Excel file's malicious macros download and install the NetSupport Manager client using a remote access trojan, or RAT.

Hundreds of unique Excel files in these attacks use highly obfuscated formulas, but they all connect to the same URL to download the payload. This tool allows attackers to get remote access to any PC by running commands to take control.


This remote desktop access tool is completely official and safe, but when used by a cyber criminal it gives you access to your computer, which could be used to install malicious programs or even to gain access to confidential files that you have stored. Once the infected device has been cleaned, users should change all of their passwords as well as those belonging to other computers on their network.

Microsoft has talked about a new phishing campaign and warned about how attackers are doing it. A similar increase was also seen in Japan, Latin America, Europe, and other Asia Pacific nations.

Meanwhile, Barracuda researchers reported that from March 1 to March 23, they detected a total of 467,825 spear-phishing email attacks, 9,116 of which are linked to COVID-19.

Microsoft said the campaign based on COVID0-19 started on May 12 and it has already come up with several hundreds of unique attachment like that.


These aren't the first NetSupport Manager-based phishing campaigns, and they won't be the last.

The number of phishing attack using COVID-19 have been on the rise over the past two months. This is a big leap to just 1,188 COVID-19-related emails detected in February and 137 in January.

Johnson also urged the authorities and end-users to raise awareness about how to keep their devices secured. We show you some tricks that phishing uses to deceive users and steal their personal data by making them believe that they are on a legitimate page.


Other reports by iNewsToday

FOLLOW OUR NEWSPAPER