CJ Robles, Tech Times

Microsoft has issued a warning about a huge phishing campaign about COVID-19 that installs the NetSupport Manager administration tool, takes over the user's system, and then remotely executes commands on the computer.

Microsoft warns about COVID-19 phishing emails during coronavirus pandemic 

In a series of tweets, the Microsoft Security Intelligence team provided details on the scheme in which user's devices are infected with remote access trojan (RAT) malware using malicious Excel attachments.

As reported by TechRadar, Criminals send potential victims a pseudo-email from John Hopkins Center which claims to update victims with the number of coronavirus-related deaths in the US. Attached to the email is an Excel file that displays a chart showing the number of deaths in the US, which then prompts users to "Enable Content." And then the file's malicious macros would remotely download and install the NetSupport Manager client.

The Microsoft Security Intelligence team explained in a tweet that all Excel files used in the campaign connect to the same URL. The tweet said: "NetSupport Manager is known for being abused by attackers to gain remote access to and run commands on compromised machines."

NetSupport Manager is a legitimate remote administration tool but is a favorite by hackers who use it as a RAT. If the NetSupport Manager is installed on the computer, hackers gain complete control over the device and remotely perform commands on it. The RAT will further compromise the victim's computer by installing extra tools and scripts.

Meanwhile, phishing campaign victims should take extra caution as their data has been already compromised. They should have the devices wiped clean and change all of their passwords.

Hackers taking advantage of employees working from home

Last month, Microsoft warned about a significant spike in COVID-19 related phishing attacks on pandemic hotspots that include China, the US, and Russia. A similar increase was also seen in Japan, Latin America, Europe, and other Asia Pacific nations.

Microsoft experts claim this trend is due to increased remote working around the world.

person using black laptop
(Photo : Sebastian Herrmann/Unsplash)
person using black laptop

Microsoft's Corporate Vice-President for Cybersecurity Solutions Group Ann Johnson said they are blocking about 24,000 phishing emails daily and have seen 116 pandemic-related scams.

Johnson also said her group has seen "about 2,300 unique HTML attachments themed as COVID financial compensation in one campaign alone" while they were able to block 18,000 coronavirus-themed URLs and IP addresses in a day.

Although the security group claimed that there was no overall increase in phishing attacks, Johnson said these scams have changed "to be more COVID-19 related."

Meanwhile, Barracuda researchers reported that from March 1 to March 23, they detected a total of 467,825 spear-phishing email attacks, 9,116 of which are linked to COVID-19. This is a big leap to just 1,188 COVID-19-related emails detected in February and 137 in January.

Despite the increase in attacks, Johnson confidently said the company is prepared to combat these security threats.

"We have a lot of technologies to help protect customers and block attacks through machine learning by using 8 trillion data threat signals per day to understand what is good and what is bad," Microsoft's security chief said.

Johnson also urged the authorities and end-users to raise awareness about how to keep their devices secured. She also advised users not to click on any questionable links while enabling multi-factor authentication, which is "one way to block the harm during the crises."

Read also: Bluetooth Devices Numbering the Billions are Vulnerable to BIAS Hacks; Study Finds

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Tags: Microsoft COVID-19 Cybersecurity phishing Coronavirus
Join the Discussion