New COVID-19-themed Malware Campaign Spreading through Emails
Microsoft warns of a new COVID-19-related malware campaign spreading by email and using Excel 4.0 macros and NetSupport Manager to compromise systems.
Email is a favorite method for attackers to disseminate malware because it can be targeted or sent to many people at once. The main reason is that the intrusion relies on the victim’s credulity as the primary means of infection.
In the case of the malware campaign identified by Microsoft, the email contains an Office file that uses the aging Excel 4.0 macros, which, when the file is opened, deploy a remote access tool named NetSupport Manager. Both are legitimate tools that attackers abuse for malicious purposes.
“The emails purport to come from Johns Hopkins Center bearing ‘WHO COVID-19 SITUATION REPORT’,” said Microsoft on Twitter. “The Excel files open w/ security warning & show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads & runs NetSupport Manager RAT.”
Once the NetSupport Manager RAT is deployed, further files are downloaded, including a few .dll, .ini, and other .exe files, a VBScript, and an obfuscated PowerSploit-based PowerShell script. When the procedure is complete, it connects to a command-and-control (C2) server to await further commands.
This type of attack existed before the pandemic, but the criminals have adjusted their strategy to make their emails more appealing, increasing the likelihood that someone opens them.
It goes without saying that people should not open emails and attachments from unknown sources and should always have a security solution installed on their endpoints. It’s crucial to keep macros set to Off by default in Microsoft Office.
Also, keep in mind that the government and health authorities don’t communicate with people through email or use it to send updates and situation reports. If you receive such an email, it’s likely part of a malware campaign.
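For defenders who triage attachments, the Excel 4.0 macro sheets described above can be spotted before a file is ever opened. The following is an added example, not code from Microsoft or from this article: it assumes the attachment is an OOXML (zip-based) workbook, which the article does not specify, and it uses the content types and the `_xlnm.Auto_Open` defined name that Excel writes for macro sheets; legacy `.xls` files need an OLE parser and are reported as out of scope. The sample packages are constructed for the demonstration.

```python
import io
import re
import zipfile

# Content types that mark Excel 4.0 (XLM) macro sheets in an OOXML package.
MACROSHEET_TYPES = (b"application/vnd.ms-excel.macrosheet+xml",
                    b"application/vnd.ms-excel.intlmacrosheet+xml")
AUTO_OPEN = re.compile(rb'<definedName[^>]*name="_xlnm\.Auto_Open', re.I)
MAX_PART = 5 * 1024 * 1024  # refuse to inflate oversized parts (zip bombs)

def _read(pkg, name):
    """Read a package part, or b'' if it is missing or too large."""
    if name not in pkg.namelist() or pkg.getinfo(name).file_size > MAX_PART:
        return b""
    return pkg.read(name)

def scan_workbook(data: bytes) -> dict:
    """Report Excel 4.0 macro indicators for an attachment given as bytes."""
    out = {"ooxml": False, "macro_sheets": [], "auto_open": False, "flag": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return out  # legacy .xls (OLE container) is out of scope here
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        types = _read(pkg, "[Content_Types].xml")
        workbook = _read(pkg, "xl/workbook.xml")
        out["ooxml"] = bool(types)
        out["macro_sheets"] = sorted(
            n for n in pkg.namelist()
            if n.lower().startswith("xl/macrosheets/") and "/_rels/" not in n)
    out["auto_open"] = bool(AUTO_OPEN.search(workbook))
    declared = any(t in types for t in MACROSHEET_TYPES)
    out["flag"] = out["ooxml"] and (bool(out["macro_sheets"]) or declared)
    return out

def build_sample(with_macro_sheet: bool) -> bytes:
    """Constructed minimal package for the demo, not a real campaign file."""
    types = b'<Types><Override PartName="/xl/workbook.xml" ContentType="x"/>'
    wb = b"<workbook><sheets/></workbook>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        if with_macro_sheet:
            types += (b'<Override PartName="/xl/macrosheets/sheet1.xml" '
                      b'ContentType="application/vnd.ms-excel.macrosheet+xml"/>')
            wb = (b'<workbook><definedNames><definedName '
                  b'name="_xlnm.Auto_Open">Macro1!$A$1</definedName>'
                  b"</definedNames></workbook>")
            z.writestr("xl/macrosheets/sheet1.xml", b"<macrosheet/>")
        z.writestr("[Content_Types].xml", types + b"</Types>")
        z.writestr("xl/workbook.xml", wb)
    return buf.getvalue()
```

Calling `scan_workbook(open(path, "rb").read())` on a quarantined attachment returns the same dictionary; a set `flag` together with `auto_open` means the workbook carries a macro sheet that runs as soon as macros are allowed.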