Monday, May 25, 2020

Phishing emails disguised as Covid-19 reports

Phishing campaigns using emails are not new, but threat actors have now adopted a novel approach. Playing on people’s fears and concerns about the Covid-19 pandemic, a sustained phishing campaign using subject lines such as ‘WHO Covid-19 Situation Report’ has been under way since May 12 this year.

The Microsoft Security Intelligence Team has issued an alert about a phishing campaign using Covid-19 related email attachments.

According to the Intelligence Team, this campaign ‘utilises hundreds of unique Excel files with highly obfuscated formulas’. However, all of them connect to the same URL to download the payload. The payload, NetSupport Manager, is popular with threat actors who want to gain remote access to and run commands on compromised machines.

If the phishing attempt is successful, the threat actor will have total access to the user’s PC, files, and programs, even if the device is running effective anti-malware or antivirus software.

While some emails are supposedly from Johns Hopkins University, others seemingly offer Covid-19 testing services and information pertaining to the virus.

Antivirus is not a safeguard against this attack

An Excel document entitled ‘WHO Covid-19 Situation Report’ contains embedded code that stealthily installs the popular remote access tool NetSupport Manager. When an unsuspecting user opens such a document, the threat actor gains control of the PC, including all files and programs.

In the process, other potentially harmful malware is also installed, which, thankfully, can be detected and dealt with by antivirus software. However, as NetSupport Manager is an official, legitimate program, antivirus software won’t take any action against it.
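Because antivirus leaves NetSupport Manager alone, defenders can instead check where and on which hosts it runs. The following Python sketch is an added example, not part of the original article or Microsoft's alert; the client binary name `client32.exe`, the approved install directory, the host names and the sample process records are assumptions constructed for illustration.

```python
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Assumption: the NetSupport Manager client binary is named client32.exe.
RAT_BINARIES = {"client32.exe"}
# Assumptions (hypothetical site policy): where IT installs it, and on which hosts.
APPROVED_DIRS = {normcase(r"C:\Program Files (x86)\NetSupport\NetSupport Manager")}
APPROVED_HOSTS = {"HELPDESK-01"}

# Constructed process-creation records (fields modelled on Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"host": "HELPDESK-01", "original_name": "client32.exe",
     "image": r"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe"},
    {"host": "FIN-LT-07", "original_name": "client32.exe",
     "image": r"C:\Users\alice\AppData\Roaming\Update\client32.exe"},
    {"host": "HR-PC-12", "original_name": "client32.exe",
     "image": r"C:\ProgramData\svc\updater.exe"},
    {"host": "HR-PC-12", "original_name": "NOTEPAD.EXE",
     "image": r"C:\Windows\System32\notepad.exe"},
]

def is_rat_client(event):
    """Match on the on-disk name or the name embedded in the file's version info."""
    names = {basename(event["image"]).lower(), event.get("original_name", "").lower()}
    return bool(names & RAT_BINARIES)

def findings(events):
    """Return (host, image, reasons) for every unsanctioned remote-access client."""
    out = []
    for ev in events:
        if not is_rat_client(ev):
            continue
        reasons = []
        if normcase(dirname(ev["image"])) not in APPROVED_DIRS:
            reasons.append("runs outside approved install directory")
        if ev["host"] not in APPROVED_HOSTS:
            reasons.append("host not approved for remote support")
        if basename(ev["image"]).lower() not in RAT_BINARIES:
            reasons.append("binary renamed on disk")
        if reasons:
            out.append((ev["host"], ev["image"], reasons))
    return out

if __name__ == "__main__":
    for host, image, reasons in findings(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {'; '.join(reasons)}")
```

The sanctioned help-desk install produces no finding, while the copies under a user profile and under a renamed file name are both reported.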

Users must read the subject lines of their emails carefully before opening them. Moreover, the sender should be known to the user before the user opens any email that supposedly offers authoritative information about Covid-19.

Via: LifeHacker
