Microsoft: Beware this
May 22, 2020
Hundreds of different Excel files have been used to trick PC users into installing a remote access tool that attackers can use to control their machine.

| Topic: Security.

Microsoft's Security Intelligence team has warned that it has been tracking a "massive" phishing campaign that attempts to install a remote access tool onto PCs by tricking users into opening email attachments containing malicious Excel 4.0 macros.

Microsoft said the COVID-19 themed campaign started on May 12 and has so far used several hundred unique attachments.

The emails being sent out claim to come from the Johns Hopkins Center, bearing the title "WHO COVID-19 SITUATION REPORT".

If the recipient opens one of the attached Excel files, it opens with a security warning and shows a graph of supposed coronavirus cases in the US.

But if allowed to run, the malicious Excel 4.0 macro also downloads and runs NetSupport Manager.

While NetSupport Manager is a legitimate remote access tool, it's known for being abused by attackers to gain remote access to – and run commands on – compromised machines, Microsoft said.

"For several months now, we've been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns. In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures," Microsoft's Security Intelligence team said in a series of tweets.

The team said that while the hundreds of unique Excel files in this campaign use "highly obfuscated formulas", all of them connect to the same URL to download the payload.

This is not the only new security threat Microsoft's security team has spotted: it has also warned of a new Trickbot campaign, launched on May 18, that uses emails claiming to offer a "personal coronavirus check" – a variation of the "free COVID-19 test" seen in previous Trickbot spam runs.

Trickbot remains one of the most common payloads in COVID-19 themed campaigns.
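For mail triage, the presence of an Excel 4.0 macro sheet can be read from the workbook's sheet list without opening the file in Excel. The following is an added example, not code from Microsoft or from this article: it assumes the attachment is a legacy `.xls` (BIFF8) file, which the article does not specify, and that the bytes of its `Workbook` stream were already extracted with an OLE2 reader. The sample stream and the helper names are constructed for illustration.

```python
import struct

BOUNDSHEET, EOF = 0x0085, 0x000A  # BIFF8 record types (MS-XLS)
SHEET_TYPES = {0x00: "worksheet", 0x01: "excel4-macro", 0x02: "chart", 0x06: "vba-module"}
VISIBILITY = {0: "visible", 1: "hidden", 2: "very-hidden"}

def iter_records(stream):
    """Yield (type, body) for each BIFF record: 2-byte type, 2-byte length, body."""
    pos = 0
    while pos + 4 <= len(stream):
        rtype, rlen = struct.unpack_from("<HH", stream, pos)
        body = stream[pos + 4:pos + 4 + rlen]
        if len(body) < rlen:
            raise ValueError(f"truncated record at offset {pos}")
        yield rtype, body
        pos += 4 + rlen

def list_sheets(stream):
    """Read the BOUNDSHEET records of the workbook globals substream."""
    sheets = []
    for rtype, body in iter_records(stream):
        if rtype == EOF:  # end of globals; the per-sheet substreams follow
            break
        if rtype != BOUNDSHEET or len(body) < 8:
            continue
        # After the 4-byte sheet offset: state, sheet type, name length, string flags
        state, dt, cch, flags = struct.unpack_from("<BBBB", body, 4)
        raw = body[8:]
        name = (raw[:cch * 2].decode("utf-16-le", "replace") if flags & 1
                else raw[:cch].decode("latin-1"))
        sheets.append({"name": name,
                       "type": SHEET_TYPES.get(dt, hex(dt)),
                       "visibility": VISIBILITY.get(state & 3, "unknown")})
    return sheets

def xlm_macro_sheets(stream):
    """Sheets holding Excel 4.0 (XLM) macros; hidden ones deserve extra attention."""
    return [s for s in list_sheets(stream) if s["type"] == "excel4-macro"]

# --- Constructed sample stream (not taken from the campaign) ---
def _rec(rtype, body=b""):
    return struct.pack("<HH", rtype, len(body)) + body

def _boundsheet(name, dt, state):
    head = struct.pack("<IBBBB", 0, state, dt, len(name), 0)
    return _rec(BOUNDSHEET, head + name.encode("latin-1"))

SAMPLE = (_rec(0x0809, struct.pack("<HH", 0x0600, 0x0005) + bytes(12))  # BOF, globals
          + _boundsheet("Sheet1", 0x00, 0) + _boundsheet("Macro1", 0x01, 2) + _rec(EOF))
```

A workbook whose globals contain a FILEPASS record is encrypted, and its sheet fields have to be decrypted before this check can read them.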


© Copyright 2020 365NEWSX - All RIGHTS RESERVED