Microsoft has issued a warning to its customers about a new COVID-19-themed email phishing campaign.
The attack begins when a potential victim receives an email that impersonates the Johns Hopkins Center. The email claims to provide an update on the number of coronavirus-related deaths in the United States, and the attached Excel file displays a chart of the number of deaths in the US. When the user opens the attachment and clicks ‘Enable Content’ on the macro warning prompt, NetSupport Manager client software is downloaded from a remote site and installed.
In this case NetSupport Manager is being used as a remote access trojan (RAT) that can completely take over a compromised system and execute commands remotely. Once the software has been installed, attackers can also install tools and scripts on the victim’s system.
NetSupport Manager is actually a legitimate remote administration tool, but it is commonly distributed among hacking communities, who use it as a remote access trojan, or RAT.
Anyone who has fallen victim to this phishing campaign can be assured that their data, including passwords, has been compromised.
Once the infected systems have been cleaned, users are advised to change all of their passwords as soon as possible.
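To find affected machines before cleanup, the chain described above can be hunted in process-creation logs. The following triage sketch is an added example, not part of Microsoft's warning: the event tuples are constructed, `client32.exe` is assumed to be the NetSupport Manager client executable, and the sanctioned install directory is a placeholder for wherever your own IT team deploys the tool.

```python
import ntpath

# Office hosts whose child processes deserve a look after a macro is enabled.
OFFICE_PARENTS = {"excel.exe"}
# Assumption: file name of the NetSupport Manager client executable.
NETSUPPORT_CLIENT = "client32.exe"
# Assumption: the only directory where IT legitimately installs NetSupport.
SANCTIONED_DIRS = (r"c:\program files (x86)\netsupport\netsupport manager",)

# Constructed process-creation records: (host, parent image, child image).
SAMPLE_EVENTS = [
    ("ws-01", r"C:\Windows\explorer.exe",
     r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"),
    ("ws-01", r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     r"C:\Windows\System32\cmd.exe"),
    ("ws-01", r"C:\Windows\System32\cmd.exe",
     r"C:\Users\alice\AppData\Roaming\demo\client32.exe"),
    ("ws-02", r"C:\Windows\System32\services.exe",
     r"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe"),
]


def image_name(path):
    """Lower-cased file name of a Windows path, on any OS."""
    return ntpath.basename(path).lower()


def in_sanctioned_dir(path):
    return ntpath.dirname(path).lower() in SANCTIONED_DIRS


def triage(events):
    """Return (host, rule, child image) for every suspicious event."""
    findings = []
    for host, parent, child in events:
        # Rule 1: Excel started another process. Real rules would
        # allow-list known benign children to cut noise.
        if image_name(parent) in OFFICE_PARENTS:
            findings.append((host, "office-spawned-process", child))
        # Rule 2: the legitimate tool is running from somewhere IT never put it.
        if image_name(child) == NETSUPPORT_CLIENT and not in_sanctioned_dir(child):
            findings.append((host, "netsupport-outside-sanctioned-path", child))
    return findings


def hosts_to_clean(findings):
    """Hosts that need cleanup followed by password changes."""
    return sorted({host for host, _, _ in findings})


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The sanctioned copy on `ws-02` is not flagged, which is the point of checking the path rather than the file name alone.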