A recent spear-phishing campaign has been spotted spreading a weaponized NetSupport Manager remote access tool (RAT), which is a legitimate tool used for troubleshooting and tech support. Attackers use the ongoing coronavirus pandemic as a lure, as well as malicious Excel documents, to convince victims to execute the RAT.

Researchers with Microsoft’s security intelligence team said this week that the ongoing campaign started on May 12 and has used several hundred unique malicious Excel 4.0 attachments thus far – a trend that researchers said they’ve seen steadily increase over the past month.

“The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload,” said the researchers in a series of tweets. “For several months now, we’ve been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures.”

The spear-phishing emails purport to come from the Johns Hopkins Center, which researches epidemics and disasters in order to “ensure that communities are resilient to major challenges,” according to its website. The emails are titled “WHO COVID-19 SITUATION REPORT” and claim to give an update on the confirmed cases and deaths related to the ongoing pandemic in the U.S.

The attached malicious Excel 4.0 document (which is titled “covid_usa_nyt_8702.xls” in the sample…
‘Coronavirus Report’ Emails Spread NetSupport RAT, Microsoft Warns (govanguard, 2020-05-22 11:39:00)