
New COVID-19-themed Malware Campaign Spreading through Emails

Silviu STAHIE

May 25, 2020

Microsoft warns of a new COVID-19-related malware campaign spreading by email and using Excel 4.0 macros and NetSupport Manager to compromise systems.

Email is a favorite method for attackers to disseminate malware: it can be targeted or sent to many people at once, and, most importantly, the intrusion relies on the victim’s credulity as the primary means of infection.

In the malware campaign identified by Microsoft, the email contains an Office file that uses the aging Excel 4.0 macros, which in turn deploy, when the file is opened, a remote access tool named NetSupport Manager. Both are legitimate tools that attackers abuse for malicious purposes.

“The emails purport to come from Johns Hopkins Center bearing ‘WHO COVID-19 SITUATION REPORT’,” said Microsoft on Twitter. “The Excel files open w/ security warning & show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads & runs NetSupport Manager RAT.”

Once the NetSupport Manager RAT is deployed, further files are downloaded, including a few .dll, .ini, and other .exe files, a VBScript, and an obfuscated PowerSploit-based PowerShell script. When the procedure is complete, the RAT connects to a command-and-control (C2) server to await further commands.

This type of attack existed before the pandemic, but the criminals have adjusted their strategy to make their emails more appealing, increasing the likelihood of someone opening them.

It goes without saying that people should not open emails and attachments from unknown sources and should always have a security solution installed on their endpoints. It’s crucial to keep macros set to Off by default in Microsoft Office.

Also, keep in mind that the government and health authorities don’t communicate with people through email or use it to send updates and situation reports. If you receive such an email, it’s likely part of a malware campaign.
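For attachment triage, a workbook carrying an Excel 4.0 macro sheet, the delivery mechanism described above, can be flagged before anyone opens it. The script below is an added example, not code from Microsoft or from this article: it inspects the package manifest and part names of a ZIP-based (OOXML) workbook and reports any macro-sheet parts. It assumes OOXML input only (legacy binary .xls files need an OLE parser instead), and the function names, size limit and sample bytes are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
# Content types an OOXML package declares for Excel 4.0 (XLM) macro sheets.
MACROSHEET_TYPES = {
    "application/vnd.ms-excel.macrosheet+xml",
    "application/vnd.ms-excel.intlmacrosheet+xml",
}
MAX_MANIFEST_BYTES = 1_000_000  # assumed cap: refuse oversized manifests

def find_xlm_macrosheets(data: bytes) -> list[str]:
    """Return part names of Excel 4.0 macro sheets found in an OOXML workbook."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # legacy binary .xls is not a ZIP; it needs an OLE parser
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        hits = set()
        try:
            info = zf.getinfo("[Content_Types].xml")
            if info.file_size <= MAX_MANIFEST_BYTES:
                root = ET.fromstring(zf.read(info))
                for ov in root.iter(CT_NS + "Override"):
                    if ov.get("ContentType", "").lower() in MACROSHEET_TYPES:
                        hits.add(ov.get("PartName", ""))
        except (KeyError, ET.ParseError):
            pass  # missing or malformed manifest: fall back to part names
        # Parts in the conventional folder count even if left undeclared.
        for name in zf.namelist():
            low = name.lower()
            if low.startswith("xl/macrosheets/") and low.endswith(".xml"):
                hits.add("/" + name)
    return sorted(hits)

def constructed_workbook(with_macrosheet: bool) -> bytes:
    """Build a minimal package in memory (constructed sample, not a campaign file)."""
    parts = {"xl/worksheets/sheet1.xml": "<worksheet/>"}
    overrides = ""
    if with_macrosheet:
        parts["xl/macrosheets/sheet1.xml"] = "<macrosheet/>"
        overrides = ('<Override PartName="/xl/macrosheets/sheet1.xml" '
                     'ContentType="application/vnd.ms-excel.macrosheet+xml"/>')
    parts["[Content_Types].xml"] = f'<Types xmlns="{CT_NS[1:-1]}">{overrides}</Types>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A hit is a triage signal for quarantine or closer inspection, not a verdict, since some legitimate older workbooks still contain macro sheets.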
