CATEGORIES
home News

Dangerous Phishing Malware Runs Rampant With Coronavirus Data-Infused Excel Spreadsheets

by Shane McGlaunSaturday, May 23, 2020, 03:38 PM EDT
malware theif

Malware is something that computer users have fought since the dawn of the computer age it seems. Hackers who use malware to try breach networks and user data have evolved some pretty sophisticated methods as of late. Late this week, Microsoft Security Intelligence has announced via Twitter that it's tracking a "massive campaign" that delivers a malicious payload including the remote control access tool, NetSupport Manager, using emails with an attachment that contains malicious Excel 4.0 spreadsheet macros. The email campaign tries to fool users into opening an attachment that contains Excel pages that are COVID-19 themed and full of what appears to be statistics.

Microsoft reports that the emails claim to come from Johns Hopkins Center with the notation "WHO COVID-19 SITUATION REPORT". The file that contains the malicious macros has statistics on it that claims to have a graph of the claimed coronavirus cases in the States. The file opens with a security warning that says "Macros have been disabled". If the macro is allowed to run, it will download and run NetSupport Manager RAT.

covid 19 malware excel

While Netsupport Manager is a legitimate program, it is known for being abused by attackers to gain remote access, enabling them to run commands on compromised computers. NetSupport RAT used in this campaign drops multiple components that include several .dll, .ini, and other executable files. A VBScript is also installed along with an obfuscated PowerSploit-based PowerShell script. That script connects to a command and control server and allows attackers to send more commands to the hijacked computer.

malicious email

This new malware campaign isn't the first we have seen that has bad actors attempting to take advantage of people during the COVID-19 pandemic. In March, security researchers discovered a home router DNS attack that spread coronavirus-themed malware. In that attack, the DNS settings of the router were changed to redirect the victim to a website that delivers the Oski infostealer malware as the final payload.

Tags:  Microsoft, Malware, excel, (nasdaq:msft), coronavirus, covid-19
TOP CONVERSATIONS
You Next Copilot PC Platform
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment