Microsoft: New cybercrime phishing campaign takes advantage of NetSupport Manager. Cyber security experts: RAT is spread through malicious macros, linked to an Excel document on the coronavirus. Attention, the baits vary!
Cybercrime has launched a new covid-19 themed phishing campaign, which takes advantage of the remote access tool NetSupport Manager. Microsoft cyber security experts denounce it. Potential victims receive an email, theoretically from the John Hopkins Center, with updated reports on the spread of the coronavirus. The attached documents are all Excel 4.0 files, but the content varies. In fact, hundreds of them have been used so far. The latest shows some safety warnings and a graph of the pandemic evolution in the United States. To open it, however, user needs to enable macros. If he falls into the trap, they download and launch the NetSupport Manager. The RAT then install other components including .dll and executable files, one Virtual Basic script and another (obfuscated) in PowerShell. It’s used to connect to the C2 server, so that attackers can send other commands such as downloading malware, stealing data or performing other actions.