Beware of any email containing Coronavirus reports! Microsoft warns users about hackers trying to steal your data


Microsoft Corporation is warning all users to steer clear of any suspicious mail they receive. The company is tracking a massive phishing campaign in which hackers gain remote access to a PC by tricking users into opening a malicious Excel 4.0 macro. The campaign started on May 12, 2020. The cybercriminals are using COVID-19 as a lure in order to spread malware, and the campaign involves hundreds of unique attachments.

All of these emails bear the name of the research institute Johns Hopkins Center. The subject line reads something similar to “COVID-19 SITUATION REPORT WHO OFFICIAL”. If you open the attached file, it runs a malicious Excel 4.0 macro on your system. This macro downloads and runs NetSupport Manager on your system in order to give the attackers remote access.


 Microsoft Cybersecurity: Coronavirus hacker

NetSupport Manager is not in itself a malicious file. It is a legitimate remote access tool that lets someone access a user’s system with their permission. But even if the file is not malicious, the people behind this campaign definitely are. This remote access tool is commonly abused by attackers in order to gain control of a victim’s machine. Once they have access, the cybercriminals connect to a C&C server in order to send further commands from attackers around the world.


The method of exploitation used here is a simple payload deployment. The Excel 4.0 macros, which appear to contain official information, carry a URL from which the payload is downloaded and launched. By opening the file, you make it easier for the attacker to gain control over your system.
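For mail gateways or analysts who want to check an attachment without opening it in Excel, the following added example (not code from Microsoft or from the original article) inspects a workbook for Excel 4.0 macro sheets, an Auto_Open name, program-launching macro calls and embedded URLs. It assumes the attachment is an OOXML file (.xlsx/.xlsm), where macro sheets are stored under `xl/macrosheets/`; legacy binary .xls files need a different parser, and the sample workbook and its URL are constructed.

```python
import html
import io
import re
import zipfile

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)
FORMULA_RE = re.compile(r"<f[^>]*>(.*?)</f>", re.S)
# Excel 4.0 (XLM) functions that can start a program or call into a DLL.
RISKY_RE = re.compile(r"\b(EXEC|CALL|REGISTER)\s*\(", re.I)

def triage_workbook(data: bytes) -> dict:
    """Flag Excel 4.0 macro sheets in an OOXML workbook without opening it in Excel."""
    report = {"macro_sheets": [], "auto_open": False, "risky_calls": [], "urls": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            low = name.lower()
            if low == "xl/workbook.xml":
                # An Auto_Open defined name makes the macro run when the file is opened.
                report["auto_open"] = b"auto_open" in zf.read(name).lower()
            if not low.startswith("xl/macrosheets/") or "/_rels/" in low:
                continue
            report["macro_sheets"].append(name)
            if not low.endswith(".xml"):
                continue  # binary (.xlsb) macro sheet: presence reported, content not parsed
            text = html.unescape(zf.read(name).decode("utf-8", "replace"))
            for formula in FORMULA_RE.findall(text):
                report["risky_calls"] += [m.upper() for m in RISKY_RE.findall(formula)]
            report["urls"] += URL_RE.findall(text)
    report["suspicious"] = bool(report["macro_sheets"]) and (
        report["auto_open"] or bool(report["risky_calls"]) or bool(report["urls"]))
    return report

def build_constructed_sample(with_macro_sheet: bool) -> bytes:
    """Build a tiny constructed workbook in memory; not a real sample from the campaign."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        names = '<definedName name="_xlnm.Auto_Open">Macro1!$A$1</definedName>' if with_macro_sheet else ""
        zf.writestr("xl/workbook.xml", f"<workbook><definedNames>{names}</definedNames></workbook>")
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet><sheetData/></worksheet>")
        if with_macro_sheet:
            zf.writestr("xl/macrosheets/sheet1.xml",
                        '<macrosheet><sheetData><row><c r="A1"><f>EXEC(&quot;placeholder&quot;)</f></c>'
                        '<c r="A2" t="str"><v>http://example.invalid/constructed</v></c>'
                        "</row></sheetData></macrosheet>")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_workbook(build_constructed_sample(True)))
```

A workbook that reports `suspicious` should be quarantined for analysis rather than delivered; a clean result only means no macro sheet was found in this container format.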
