Phishing campaigns using email are not new, but now potential threat actors are taking a new approach. Playing on people's fears and concerns about the Covid-19 pandemic, a sustained phishing campaign has been deployed since May 12 of this year using themes such as the "WHO Covid-19 Situation Report" . The Microsoft Security Intelligence team has issued an alert regarding a phishing campaign using attachments related to Covid-19. According to the intelligence team, this campaign "uses hundreds of unique Excel files with very obscure formulas." However, they all connect to the same URL to download the payload. NetSupport Manager is popular with threat actors who want to remotely access and execute commands on compromised machines. If the phishing attempt is successful, the threat actor will have full access to the user's PC, files, and programs, even if the device is running effective antivirus or antimalware software. While some emails come from John Hopkins University, others apparently offer Covid-19 testing services and virus-related information.
We are following a massive campaign providing the legitimate NetSupport Manager remote access tool using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundred unique attachments. pic.twitter.com/kwxOA0pfXH18 May 2020