icrosoft has released a warning of an ongoing COVID-19 themed phishing campaign
that allows attackers to install the NetSupport Manager remote access tool to
gain remote access of the device. Microsoft security team has provided detailed
information about this phishing campaign in a series of tweets.

?We?re tracking a massive campaign that delivers the legitimate remote access
tool, NetSupport Manager, using emails with attachments containing malicious
Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far
used several hundreds of unique attachments,?tweeted
[https://twitter.com/MsftSecIntel/status/1262504870176649217]Microsoft Security
Intelligence team.

As a part of the phishing campaign, hackers send emails to their target victims
that claim to come from Johns Hopkins Center with ?WHO COVID-19 SITUATION
REPORT?. These emails come with excel files, that opens with a security warning
& shows a graph of supposed coronavirus cases in the US. However, these excel
files also come with malicious excel 4.0 macro downloads which, if allowed to
run, downloads & runs NetSupport Manager RAT (remote access tool).

?For several months now, we?ve been seeing a steady increase in the use of
malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0
campaigns jumped on the bandwagon and started using COVID-19 themed lures,?
states [https://twitter.com/MsftSecIntel/status/1262504870176649217]the tweet.

Microsoft team further states that hundreds of unique Excel files in this
campaign make use of ?highly obfuscated formulas?. They all link to the same URL
to download the payload. The NetSupport Manager tool is known for being abused
by hackers to gain remote access to devices where they then run commands.

The NetSupport RAT which is used in this COVID-19 themed phishing campaign also
comes with multiple other components, including several .dll, .ini, and other
.exe files, a VBScript, and a PowerSploit-based PowerShell script. These then
connect to a C2 server, and allows attackers to send further commands.

Also Read | Microsoft GitHub Account Reportedly Suffered A Cyberattack; Over
GB Data Stolen

Also Read | Microsoft?s Family Safety App Available In Preview For Android and
iOS Users