Experts have discovered a new coronavirus-themed malware that can disguise itself as Microsoft Excel spreadsheets. It then allows hackers to access PCs remotely.
According to Lifehacker’s latest report, COVID-19 related malware campaigns and scams show no sign of subsiding as many parts of the United States are preparing to slowly open after being on lockdown for several weeks.
The details of two new massive coronavirus phishing campaigns were disclosed by the Microsoft Security Intelligence Team, stating that hackers were tricking users to download and open malicious Excel files attached to random emails allowing them to access PCs remotely. Lifehacker previously reported that cyber attackers are still at large using different malicious methods to acquire important data.
One of these is a fake coronavirus tracker that could infect computers and other devices. Reason Security gave the warning to avoid the coronavirus tracker dashboard since some of the COVID-19 maps could contain serious malware called AZORult. Hackers can extract social media logins and browser histories using the malware.
They can also gain access to the infected devices remotely, attacking cryptocurrency vaults and bank accounts. “Corona Virus Map” Windows software was allegedly accused by Reason Labs of hacking, using the same interface of the Johns Hopkins University’s tracker to look more legitimate.
According to Lifehacker, the malicious Excel spreadsheets were attached to some of the emails sent by Johns Hopkins University, while others offer personal coronavirus testing or similar services. The Excel documents attached to the malicious emails are titled as “WHO COVID-19 REPORT”. Codes are embedded in the Excel spreadsheets that sneakily install the remote desktop access tool, NetSupport Manager when the file is opened.
According to the previous post of Microsoft Security Intelligence on Twitter, the massive COVID-19-themed campaign that provides access to the remote access tool NetSupport Manager through emails containing malicious Excel 4.0 macros, is currently being investigated.
It was clarified that NetSupport Manager is an official program that can slip past antivirus software and antimalware allowing its users to safely use it in normal circumstances without any trouble.
However, the hackers took advantage of the feature to access files and software in PCs remotely, allowing them to install malicious software in the system. The coronavirus-themed malware is not the first NetSupport Manager-based phishing campaign. This phishing attempt, and others like it, can be easily prevented once the user knows what it looks like.