PSA: Scary Guys Launch Phishing Campaign with Fake Covid-19 Stats

Mmo
PSA: Scary Guys Launch Phishing Campaign with Fake Covid-19 Stats

According to Microsoft security researchers, there has been a "steady increase" in unsolicited email attachments containing malicious Excel 4.0 macros. This is part of a "massive campaign" to infect PCs with malware under the guise of providing the latest statistics on Covid-19.

Phishing scams are not new, but according to Microsoft (via ZDNet), this latest campaign only began about a week ago and "has used hundreds of unique attachments so far." [It is disguised as an email from the Johns Hopkins Center labeled "WHO COVID-19 SITUATION REPORT. The Excel file opens with a security warning and displays a graph of estimated cases of coronavirus in the United States. If allowed to run, a malicious Excel 4.0 macro downloads and executes the NetSupport Manager RAT," Microsoft said on Twitter.

In general, according to Microsoft, the number of malicious Excel 4.0 macros used in malware campaigns was already on the rise before this campaign. Since April, however, the company has been using Covid-19 as bait to lure victims.

The hundreds of malicious Excel 4.0 macros used in this latest phishing campaign all connect to the same URL and deliver the virus payload to the victim's PC. Once infected, attackers can gain remote access to execute commands on the system and even install more malware.

In another Twitter thread, Microsoft detailed a different but similar "Trickbot" campaign. These phishing emails purport to offer a "personal Corona virus check" in order to trick victims into opening a malicious Excel attachment. According to Microsoft, this is "one of the most common payloads in Covid-19-themed campaigns."

But this is not all. Last month, Trend Micro warned about several types of malware posing as Covid-19 information, including one that renders PCs unbootable by overwriting the master boot record.

Smart computing habits remain the best defense. These include not downloading or opening unexpected e-mail attachments and not typing URLs directly into a browser.

Still, it would be a good time to warn less knowledgeable family and friends to beware of this sort of thing.

Categories