Phishing emails disguised as Covid-19 reports
by Nitesh Kumar
Excel documents used as bait
Email phishing campaigns are not new, but threat actors have now adopted a novel approach. Playing on people’s fears and concerns about the Covid-19 pandemic, a sustained phishing campaign using subject lines such as ‘WHO Covid-19 Situation Report’ has been running since May 12 this year.
The Microsoft Security Intelligence team has issued an alert about a phishing campaign using Covid-19 related email attachments.
According to the Intelligence Team, this campaign ‘utilises hundreds of unique Excel files with highly obfuscated formulas’. However, all of them connect to the same URL to download the payload. NetSupport Manager, the remote access tool these documents install, is popular with threat actors who want to gain remote access to and run commands on compromised machines.
If the phishing attempt is successful, the threat actor will have total access to the user’s PC, files, and programs, even if the device is running effective anti-malware or antivirus software.
While some emails are supposedly from Johns Hopkins University, others seemingly offer Covid-19 testing services and information pertaining to the virus.
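Because every attachment is unique but all of them fetch from the same URL, file hashes will not link these emails to each other, while the download URL will. The following added example (not from Microsoft or the original article) clusters constructed telemetry by the URL requested after an Excel attachment was opened; the record layout, host names, hashes and `.example` URLs are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed telemetry, not real indicators. Each record assumes mail-gateway
# and endpoint logs were already joined: (host, attachment hash, subject line,
# URL requested by Excel after the attachment was opened).
SAMPLE_EVENTS = [
    ("pc-01", "hash-0001", "WHO Covid-19 Situation Report", "http://payload.example/get"),
    ("pc-02", "hash-0002", "WHO Covid-19 Situation Report", "HTTP://Payload.example/get"),
    ("pc-03", "hash-0003", "Covid-19 testing services", "http://payload.example/get#x"),
    ("pc-04", "hash-0004", "WHO Covid-19 Situation Report", "http://payload.example/get"),
    ("pc-05", "hash-0005", "Quarterly budget", "http://intranet.example/rates"),
    ("pc-06", "hash-0005", "Quarterly budget", "http://intranet.example/rates"),
]


def normalise(url):
    """Lower-case scheme and host and drop query/fragment so trivial
    variations of one download location fall into the same cluster."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc.lower()}{parts.path or '/'}"


def shared_download_urls(events, min_unique_files=3):
    """Return URLs requested after opening at least `min_unique_files`
    distinct attachments, with the hosts and subject lines involved."""
    files, hosts, subjects = defaultdict(set), defaultdict(set), defaultdict(set)
    for host, file_hash, subject, url in events:
        key = normalise(url)
        files[key].add(file_hash)
        hosts[key].add(host)
        subjects[key].add(subject)
    return {
        url: {
            "unique_files": len(files[url]),
            "hosts": sorted(hosts[url]),
            "subjects": sorted(subjects[url]),
        }
        for url in files
        if len(files[url]) >= min_unique_files
    }


if __name__ == "__main__":
    for url, info in shared_download_urls(SAMPLE_EVENTS).items():
        print(url, info)
```

The benign spreadsheet in the sample is opened on two hosts but is a single file, so it stays below the threshold; only the URL reached from many different attachments is reported.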
Antivirus is not a safeguard against this attack
An Excel document entitled ‘WHO Covid-19 Situation Report’ contains embedded code that stealthily installs the popular remote access tool, NetSupport Manager. When an unsuspecting user opens such a document, the threat actor gains control of the PC, including all files and programs.
In the process, other potentially harmful malware is also installed, which, thankfully, can be detected and dealt with by the antivirus software. As NetSupport Manager is an official program, antivirus software won’t take any action against it.
Users must read the subject lines of all emails carefully before opening them. Moreover, the sender should be known to the user before the user opens an email that supposedly offers authoritative information about Covid-19.