Hackers Take Remote Control of Your PCs When You Download These Excel Spreadsheets in Emails

The Microsoft Security Intelligence Team has warned of phishing campaigns by hackers who aim to take remote control of your computers when you download malicious Excel spreadsheets attached to your emails. One of the fraudulent campaigns started on May 12 with the email subject “WHO COVID-19 SITUATION REPORT” and purportedly from Johns Hopkins Center.

Although people have been warned against opening email attachments from people they do not know or solicit, the Excel file will open with a security warning and a graph of supposed COVID-19 cases in the US if opened. Opening the unsolicited emails is not as harmful as clicking to download the attached Excel files and allowing it to run on your computer. Doing this will download the fatal Excel 4.0 macro and run NetSupport Manager which gives the hackers remote access to your computer files.

NetSupport Manager is a remote desktop access tool that is good in itself, but ambitious hackers always abuse it to access and run commands on PCs with little to no security. The Microsoft Security Intelligence Team warned that they have discovered the increased application of the coronavirus-themed fraud attempts for several months now and warned people to beware of opening and downloading files from unsolicited emails.

Analysts downloading the spammy Excel spreadsheet may also dump other nasty malware during the installation process, and this underscores the importance of having up-to-date security protections for your PC. While it is expected that your system will catch some of this malware, the best thing to do is to prevent downloading them in the first place by identifying suspicious emails that contain them.

“We’re tracking a massive campaign that delivers the legitimate remote access tool, NetSupport Manager, using emails with attachments containing malicious Excel 4.0 macros,” the Microsoft team wrote. “The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments. The emails purport to come from Johns Hopkins Center bearing “WHO COVID-19 SITUATION REPORT.”

Source: zdnet.com