Microsoft has issued an alert to users concerning a new widespread Covid-19 themed phishing campaign.
The campaign installs the NetSupport Manager remote administration tool, which lets attackers completely take over a user's system and even execute commands on it remotely. Cybercriminals are using malicious Excel attachments to infect users' devices with a remote access trojan. The attack begins with potential victims receiving an email that impersonates the Johns Hopkins Center and claims to provide an update on the number of coronavirus-related deaths in the US. Other messages offer personal COVID-19 testing or similar services. Attached to the email is an Excel file that displays a chart. When a user opens the Excel file, it prompts them to 'Enable Content'; doing so executes the file's malicious macros, which download and install the NetSupport Manager client.
While NetSupport Manager is actually a legitimate remote administration tool, it is commonly distributed among hacking communities. It is used to compromise a victim's computer by installing additional tools and scripts. So, never open a spreadsheet you weren’t expecting to receive. Once the infected device has been cleaned using antivirus or antimalware software, users should change all of their passwords as well as those belonging to other computers on their network.