Microsoft warns of massive phishing campaign leveraging Excel 4.0 macros
https://www.techspot.com/news/85356-microsoft-warns-massive-phishing-campaign-leveraging-excel-40.html

"We're tracking a massive campaign that delivers the legitimate remote
access tool NetSupport Manager using emails with attachments containing
malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12
and has so far used several hundreds of unique attachments."

"The emails claim to originate from The Johns Hopkins Center with titles
like "WHO COVID-19 SITUATION REPORT." The emails contain attached Microsoft
Excel files alleged to contain statistics on Covid-19 cases, and if opened,
will use Excel 4.0 macros to install and run NetSupport Manager. While
NetSupport Manager is a legitimate tool for remote control and desktop
access, Microsoft claims it's known to be abused by attackers to run code
on compromised machines."

"From there, the NetSupport RAT (Remote Access Tool) connects to a C2
server to administer more commands, and also runs "several .dll, .ini, and
other .exe files, a VBScript, and an obfuscated PowerSploit-based
PowerShell script."
https://twitter.com/MsftSecIntel/status/1262504864694726656