Microsoft warns of ‘massive’ phishing attack pushing legit RAT
Microsoft’s Security Intelligence team has recently warned users of a phishing campaign with a COVID-19 theme that installs NetSupport Manager remote, an administration tool. The campaign is spreading the tool through various malicious Excel attachments on emails pretending to be from the Johns Hopkins Center, providing information on the number of COVID-19 deaths in the US.
The document, however, contains malicious macros and will ask the user to “enable content.” This then allows the macros to be executed, installing NetSupport Manager client from a remote site. Microsoft stated that the NetSupport Manager is a legitimate remote administration tool that is frequently manipulated as a remote access trojan. Microsoft added that the hundreds of unique Excel files featured in the campaign connect to the same URL that downloads the payload.