Microsoft warns of a massive phishing campaign using malicious Excel macros to drop a RAT and take control of the system.
In the campaign, hundreds of malicious Excel files are spread via phishing emails that trick users into downloading the file. The file then installs a RAT (Remote Access Trojan) that lets attackers take remote control of the machine.
Microsoft Warns Of A “Massive” Phishing Campaign Using Malicious Excel Macros To Hijack PCs
Microsoft’s Security Intelligence team describes the phishing campaign as “massive”. The emails use a COVID-19 theme to trick users into opening an attachment: a malicious Excel file with Excel 4.0 macros.
Microsoft also mentioned that the campaign was first spotted on May 12. Since then, hundreds of different phishing attachments have been discovered.
The COVID-19 Themed Scam
The phishing emails claim to be from “Johns Hopkins Center”, with the title “WHO COVID-19 SITUATION REPORT”.
Once the recipient opens the email and then the attachment (an Excel file), it shows a “protected document” security warning. The file also shows a coronavirus graph of cases in the U.S.
If the user downloads the malicious Excel 4.0 file, it automatically runs the macros, which then download and run NetSupport Manager.
NetSupport Manager is a legitimate remote access tool that allows remote access to a machine for any type of remote assistance. However, cyber-criminals use such tools to gain remote access to target systems. After gaining control, the tool can run various commands and uses a C&C server to send data to and receive instructions from the attackers.
“For several months now, we’ve been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures,” said Microsoft’s Security Intelligence team in a series of tweets.
Additionally, the team said that although the campaign uses hundreds of unique Excel files with “highly obfuscated formulas”, all of the files use the same URL to download the malware payload.
New Trickbot Campaign Also Spotted By Microsoft
Amid the coronavirus crisis, there has been a surge in malware distribution.
Additionally, Microsoft’s security team warned of a new Trickbot campaign. The campaign, which started on May 18, uses a COVID-19 lure presented as a “personal coronavirus check”, similar to the “free COVID-19 test” spam previously used to deliver Trickbot. Trickbot is thus one of the most common payloads dropped by COVID-19 themed campaigns.
It is very important to enable 2FA on your accounts and to use strong passwords. To keep those passwords secure, you should use a reputable password manager tool like Dashlane.