Microsoft’s Security Intelligence team has warned that it has been tracking a “massive” phishing campaign that attempts to install a remote access tool onto PCs by tricking users into opening email attachments containing malicious Excel 4.0 macros.
Microsoft said the COVID-19 themed campaign started on May 12, and has so far used several hundreds of unique attachments.
The emails being sent out claim to come from the Johns Hopkins Center bearing the title “WHO COVID-19 SITUATION REPORT”. If the recipient attempts to open the attached Excel files it will open with a security warning, and show a graph of supposed coronavirus cases in the US. But if allowed to run, the malicious Excel 4.0 macro also downloads and runs NetSupport Manager