Malicious Microsoft Excel Scam Aims to Achieve Remote Access

June 2, 2020 12:41 pm Natasha Deeney

In the latest spate of COVID-19 related phishing scams, Microsoft has warned users about a new phishing campaign which uses malicious Excel macros to obtain remote access.

The phishing scam starts with an email claiming to come from the Johns Hopkins Center, a world leader in research and innovation, which provides knowledge and resources to support public health crises.

Throughout the COVID-19 pandemic, many have considered the Johns Hopkins Center as a ‘source of truth’ for both policy makers and the public around the globe.

The organisation has also become known for producing detailed analytics and maps charting COVID-19 cases.

In an attempt to lure recipients into opening the phishing email, the subject line states “WHO COVID-19 SITUATION REPORT”.

Attached to the email is a Microsoft Excel file that shows a graph of pandemic data, including infection and death rates in the local area.

The email prompts users to ‘Enable Content’ when the Microsoft Excel file is clicked. Once enabled, macros within the document download NetSupport Manager RAT, a legitimate Remote Access Tool which is used for troubleshooting and tech support.

When used maliciously, RATs can cause significant damage. Their ability to remotely control PCs and capture screens, keystrokes, audio, and video makes them far more dangerous than typical viruses and worms.

With this access, hackers can monitor online behaviours, access confidential information, format computer drives, distribute viruses, delete or alter files, and even watch the victims via their webcams to use for blackmail or ransom.

RATs can be difficult to detect because they do not appear in the list of programs running on the compromised device and often do not affect its performance.

Researchers say the Microsoft Excel scam has used several hundred unique Excel attachments, making it more difficult to protect against. It also connects to a remote server, allowing attackers to issue further commands to the infected system.

In a series of tweets about the RAT campaign, Microsoft said: “The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload. NetSupport Manager is known for being abused by attackers to gain remote access to and run commands on compromised machines.”

Security researchers at Microsoft commented that they have seen a “steady increase” in unsolicited email attachments containing malicious Excel macros.

As the public seeks information about the global pandemic, cybercriminals have preyed on the heightened sense of fear in recent months. According to a recent report, the number of coronavirus-related cyberattacks has reached 192,000 per week – a jump of 30% over the previous two weeks.

How to Prevent Phishing Scams

  • Never click on links or download attachments without confirming the source.
  • Install the latest anti-virus software solutions on all your devices.
  • Regularly back up your data.
  • Avoid clicking on links or opening attachments within unexpected or suspicious emails.
  • Only download attachments from sources you can trust.
  • Always take time to think about a request for your personal information, and whether the request is appropriate.
  • Pay close attention to the spelling of an email or web page. If there are any inconsistencies, users should be cautious.
  • Ignore and delete emails with unexpectedly poor grammar and formatting.
  • Question the validity of any email that asks you to submit personal or financial information.
  • Use strong passwords to reduce the chance of devices being hacked.
  • Consider the use of a password manager to maintain the security of multiple accounts.

Improve Staff Cyber Security Awareness

To help organisations mitigate the risk of cyber threats during this time of uncertainty, MetaCompliance has launched a free guide detailing 10 practical tips on how to improve staff Cyber Security awareness right now.

In this guide, you will learn:

  • How to develop a robust Cyber Security awareness plan that decreases the risk of a data breach
  • What is required for a Cyber Security awareness program to be effective
  • Practical tips to improve staff Cyber Security awareness that you can start implementing today
