Have you been busy during quarantine? If not, don’t worry — most of us haven’t been. But that statement doesn’t apply to hackers and cybercriminals, who’ve spent the COVID-19 pandemic refining their technique and creating phishing websites to steal people’s data.
It’s no exaggeration, either. Phishing attacks have reached unprecedented levels — increasing more than 30% during the past several weeks. Tap or click here to see why there are so many COVID-19 phishing schemes right now.
The issue has gotten so bad, in fact, that companies like Microsoft are keeping a watchful eye on dangerous new developments. And now, the software giant has discovered a malicious pattern of attack targeting users of Microsoft Excel. If you get an email with a spreadsheet attachment, don’t open it! Here’s why.
Massive phishing campaign uses malicious Excel files
Microsoft is alerting users to a new phishing campaign that uses specially-coded Excel files to compromise PCs. In a series of tweets, the company revealed that there are hundreds of unique variants of this malicious attachment, and all of them are quite different looking.
We’re tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments. pic.twitter.com/kwxOA0pfXH— Microsoft Security Intelligence (@MsftSecIntel) May 18, 2020
In a predictable and unfortunate move, the campaign masquerades its emails by using the name of Johns Hopkins University — creators of the famed COVID-19 case-tracking map. Tap or click here to see the latest updates from JHU.
In the email, “JHU” claims to have a “new situation report” of COVID-19 cases in the U.S., and urges readers to click and download the attachment for more information. Of course, downloading the attachment puts a dangerous piece of malware on your computer that allows for remote access.
Once activated, the malware will connect to a command-and-control server that can issue further controls or attacks remotely.
Despite the fact that there are hundreds of unique attachment files, all of them seem to download their payload from the same URL. This indicates a coordinated, intentional effort on the part of the hackers responsible.
The campaign appears to have been first launched on May 12, which makes it relatively young. This gives potential victims a window of opportunity to learn more about the threat before it grows even larger.
With so many schemes like this one happening at the same time, it almost seems safer to not check your email anymore.
Protecting yourself from their dirty trick(bot)s
This Excel scheme isn’t the only threat Microsoft found in recent days. From May 18 onward, Microsoft discovered another phishing campaign promising a “personal coronavirus check.” No, this isn’t referring to a stimulus payment, but testing. As you may know already, English isn’t a strong suit for most of these cybercriminals.
Trickbot remains to be one of the most common payloads in COVID-19 themed campaigns. A new Trickbot campaign that launched on May 18 uses emails that claim to offer “personal coronavirus check”, an iteration of the “free COVID-19 test” we’ve seen in previous Trickbot spam runs. pic.twitter.com/pU2MgBNJcE— Microsoft Security Intelligence (@MsftSecIntel) May 19, 2020
These spam emails contain the infamous Trickbot malware, which specifically scans your computer for banking information, and is capable of infecting other computers on your network. Tap or click here to find out more about Trickbot.
As with any phishing campaign, vigilance is key. Be on the hunt for malicious Excel files (.xls, .xml, .xlsb, .xlsm, .xlsx) in particular, but avoid downloading any attachments unless you know 100% why it’s being sent to you in the first place.
And if something does happen to your computer, you can be sure your data is safe by backing it up with a reliable cloud storage system like our sponsor IDrive. Sign up today and get 90% off of your first year. Just go to IDrive.com and use promo code Kim at checkout.
Above all, be sure to ignore emails from unknown senders, and mark any unsavory messages that come through as spam. There are only two places these emails should be going from here on out — your spam folder or trash can.