Saturday, 6 June 2020

Microsoft says attackers using Excel for phishing campaign

Microsoft has talked about a new phishing campaign and warned about how attackers are doing it. It says the attack involves malware-infected Excel files that are attached in mails with subject retailed to COVID-19. The company’s cybersecurity division has been tracking such campaigns which seem to have started on May 12. This campaign is being used to get remote access of computers by luring them into opening the mail attachment.


The emails is claimed to be sent from Johns Hopkins Center and comes with the title “WHO COVID-19 SITUATION REPORT”. If you open the Excel file attached in the mail, you will see graph of coronavirus cases in the US. And if you run the program, the file also downloads the NetSupport Manager. This is popular tool used to take remote access of the PC. And in this case it allows attackers to take control which is not ideal.


While NetSupport Manager is a legitimate remote access tool, it’s known for being abused by attackers to gain remote access to – and run commands on – compromised machines, Microsoft said.


For several months now, we’ve been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures,” Microsoft’s Security Intelligence explained through these tweets.


Watch Video: Top 5 apps providing free services during coronavirus pandemic


More attackers are now using Covid-19 related campaigns to instill fear in the users. Reports from various security agencies have talked about number of COVID related URLs being registered. And used by the attacker in mails with subject line that grabs your attention.


If you want to avoid falling for such phishing attacks, we’d recommend you to not open mails from unknown sender. Also, do check the website URl before clicking on it. Opening unknown website could handover control of your PC to the attacker.