Posted On 04 Jun 2020
It looks like COVID 19 is not the only thing that’s spreading. A new COVID 19 related phishing campaign is on the rise, and Microsoft is warning you about it.
This new threat takes absolute control of a system by installing the NetSupport Manage remote administration tool.
In a series of tweets, the Microsoft security intelligence team laid out the details of this phishing campaign. It stated that these cyber attackers are infecting user’s devices with a malicious Excel file that contains a remote access trojan (RAT).
How do they do it?
First, you receive an email from the John Hopkins Center claiming to provide COVID 19 victims with updates on deaths caused by a coronavirus. Of course, this email is fake and comes with an Excel file in which there’s a chart showing the number of US coronavirus deaths.
Once you open the Excel file, you will be alerted to “Enable Content”. Once you do this, the trojan gets to work and installs the NetSupport Manager client unto your PC.
The Microsoft Security Intelligence team found that the Excel files all came from one website address.
The NetSupport Manager itself is not a malicious tool. It is a genuine remote administration tool that is being misused by hackers as a RAT. A hacker can gain complete control of a user’s computer and then control it remotely, installing more malicious tools and scripts.
They can get access to all your information, including your passwords. If you have been affected by this phishing campaign, it would be best to assume your passwords have been stolen. Completely clean your computer and then change all your passwords including passwords of other computers on your network.