PSA: Terrible people are running a phishing campaign with fake Covid-19 stats

(Image credit: Pixabay (efes))

Security researchers at Microsoft say they have seen a "steady increase" in unsolicited email attachments containing malicious Excel 4.0 macros. It is part of a "massive campaign" to infect PCs with malware under the guise of providing current statistics related to Covid-19.

Phishing scams are nothing new by any stretch, but according to Microsoft (via ZDNet), this latest campaign only started around a week ago "and has so far used several hundreds of unique attachments."

"The emails purport to come from Johns Hopkins Center bearing 'WHO COVID-19 SITUATION REPORT'. The Excel files open w/ security warning & show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads & runs NetSupport Manager RAT," Microsoft stated on Twitter.

In general, Microsoft says the number of malicious Excel 4.0 macros used in malware campaigns was already on the rise before this latest campaign. Starting in April, however, they started to use Covid-19 as bait to lure in victims.

The hundreds of malicious Excel 4.0 macros used in this latest phishing campaign all connect to the same URL, which delivers a viral payload to the victim's PC. Once infected, an attacker can gain remote access to run commands on a system, and even install more malware.

In a separate Twitter thread, Microsoft detailed a different but similar "Trickbot" campaign. These phishing emails purport to offer a "personal coronavirus check" to fool victims into opening a malicious Excel attachment. According to Microsoft, this "remains one of the most common payloads in Covid-19 themed campaigns."

These are not the only ones, though. Last month, Trend Micro warned of several different types of malware masquerading as Covid-19 information, including one that makes a PC unbootable by overriding the master boot record.

Smart computing habits are still your best defense. These entail not downloading or opening unexpected email attachments, and typing URLs directly into your browser.

Still, now would be a good time to warn any less savvy family members and friends to be on the lookout for this sort of thing.

Paul Lilly

Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).