JAKARTA - Microsoft has warned its users about a COVID-19-themed phishing attack in which attackers send malicious Excel documents to people via e-mail to gain remote access.

Attackers use the NetSupport Manager system to gain access to and execute commands on remotely operated machines.

"We are tracking a massive campaign that provides a legitimate remote access tool, namely NetSupport Manager, using e-mails with attachments containing dangerous Excel 4.0 files," wrote the Microsoft Security Intelligence Team on Twitter, as reported by TechRadar, Friday, May 22.

The company posted a number of tweets explaining how this cyber crime is being carried out. Hackers sent emails pretending to be from Johns Hopkins Center with the subject "WHO COVID-19 SITUATION REPORT."

These emails include an Excel file that presents a graphical representation of updated data on the number of coronavirus-related deaths in the US. In reality, cybercriminals are using these malicious Excel attachments to infect devices with a remote access trojan (RAT).

"Hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all link to the same URL to download the payload," Microsoft tweeted.

NetSupport Manager itself is a fairly commonly used remote administration system. If the application is abused, there is a high chance that hackers can take over the device remotely.

Microsoft said it has observed a drastic increase in the use of malicious Excel 4.0 files over the past several months. It added that last month this campaign began targeting people using the COVID-19 theme.

"The NetSupport RAT used in this hack has formats such as .dll, .ini, and other .exe files, VBScript, and an obfuscated PowerSploit-based PowerShell script. It connects to a C2 server, allowing attackers to send further commands," said the OS maker.

Microsoft in April published monthly security patches for 113 vulnerabilities in 11 products, including three zero-day bugs. CVE-2020-1020 is one of three vulnerabilities in the Windows Adobe Type Manager Library that allow attackers to run code on a vulnerable system.

The second zero-day bug is CVE-2020-0938, allowing attackers to carry out attacks remotely. CVE-2020-1027 is the third and is found in the Windows kernel.

