New COVID-19-themed Malware Campaign Spreading through Emails

Silviu STAHIE

May 25, 2020

Microsoft warns of a new COVID-19-related malware campaign spreading by email and using Excel 4.0 macros and NetSupport Manager to compromise systems.

Email is a favorite method for attackers to disseminate malware because it can be targeted or sent to many people at once. The main reason, though, is that this kind of intrusion relies on the victim’s credulity as the primary means of infection.

In the malware campaign identified by Microsoft, the email contains an Office file that uses the aging Excel 4.0 macros, which, when the file is opened, deploy a remote access tool named NetSupport Manager. Both are legitimate tools abused by attackers to fulfill different malicious goals.

“The emails purport to come from Johns Hopkins Center bearing ‘WHO COVID-19 SITUATION REPORT’,” said Microsoft on Twitter. “The Excel files open w/ security warning & show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads & runs NetSupport Manager RAT.”

Once the NetSupport Manager RAT is deployed, further files are downloaded, including a few .dll, .ini, and other .exe files, a VBScript, and an obfuscated PowerSploit-based PowerShell script. When the procedure is complete, it connects to a Command and Control center to await further commands.

This type of attack existed before the pandemic, but the criminals have adjusted their strategy to make their emails more appealing, increasing the likelihood of someone opening them.

It goes without saying that people should not open emails and attachments from unknown sources and should always have a security solution installed on their endpoints. It’s crucial to keep macros set to Off by default in Microsoft Office.

Also, keep in mind that the government and health authorities don’t communicate with people through email or use it to send updates and situation reports. If you receive such an email, it’s likely part of a malware campaign.
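A triage check for the kind of attachment described above, added here as an example and not taken from Microsoft or the original article: it reports whether an OOXML workbook (.xlsx/.xlsm/.xlsb) declares Excel 4.0 macro sheet parts and lists any hidden sheets. The function names and the sample workbook are constructed for illustration, and legacy .xls files are out of scope.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
MAIN_NS = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"


def scan_workbook(data: bytes) -> dict:
    """Report Excel 4.0 macro sheet parts and hidden sheets in an OOXML workbook."""
    result = {"ooxml": False, "macrosheets": [], "hidden_sheets": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # legacy .xls (OLE2/BIFF) needs a different parser
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if "[Content_Types].xml" not in names:
            return result
        result["ooxml"] = True
        types = ET.fromstring(zf.read("[Content_Types].xml"))
        for override in types.iter(CT_NS + "Override"):
            # Matches macrosheet+xml, intlmacrosheet+xml and the .xlsb variant.
            if "macrosheet" in override.get("ContentType", "").lower():
                result["macrosheets"].append(override.get("PartName"))
        if "xl/workbook.xml" in names:
            workbook = ET.fromstring(zf.read("xl/workbook.xml"))
            for sheet in workbook.iter(MAIN_NS + "sheet"):
                if sheet.get("state") in ("hidden", "veryHidden"):
                    result["hidden_sheets"].append(sheet.get("name"))
    return result


def build_sample(with_macrosheet: bool) -> bytes:
    """Constructed minimal package for the demo, not a real campaign file."""
    ctype = "application/vnd.openxmlformats-officedocument.spreadsheetml.worksheet+xml"
    part, state = "worksheets/sheet1.xml", ""
    if with_macrosheet:
        ctype = "application/vnd.ms-excel.macrosheet+xml"
        part, state = "macrosheets/sheet1.xml", ' state="veryHidden"'
    content_types = (
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/xl/{part}" ContentType="{ctype}"/></Types>')
    workbook = (
        '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
        f'<sheets><sheet name="Sheet1" sheetId="1"{state}/></sheets></workbook>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("xl/workbook.xml", workbook)
    return buf.getvalue()
```

A macro sheet alone is not proof of malice, but in an unsolicited attachment it is a good reason to quarantine the file for analysis. When running this over untrusted mail, a hardened XML parser such as defusedxml is the safer choice.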
