<p>Microsoft has issued a warning to its customers regarding the new Covid-19 email phishing campaign.</p>
<p><img class="alignnone size-full wp-image-3558" src="https://www.wincert.net/wp-content/uploads/2020/02/email-3249062_640.png" alt="" width="640" height="358" /></p>
<p>The attack begins when a potential victim receives an email that impersonates the John Hopkins Center. This email claims to have an update on the number of coronavirus-related deaths in the United States with the attached excel file that displays a chart with the number of deaths in the US. When a user opens the attached file and clicks on the &#8216;Enable Content&#8217; macro warning prompt, a NetSupport Manager client software is downloaded and installed from a remote site.</p>
<p>NetSupport Manager in this case is being used as a remote access trojan (RAT) that can completely take over a compromised system and execute commands remotely. Once the software has been installed, attackers can additionally install tools and scripts on the victims&#8217; system</p>
<p>NetSupport Manager is actually a legitimate remote administration tool software that is commonly distributed among hacking communities who use it as remote access trojan or RAT.</p>
<p>Fallen victims to this phishing campaign can be assured that their data has been compromised which also includes passwords.</p>
<p>Once the infected systems have been cleaned, users are advised to change all of their passwords as soon as possible.</p>