#1
Microsoft warns of massive phishing campaign leveraging Excel 4.0 macros
https://www.techspot.com/news/85356-microsoft-warns-massive-phishing-campaign-leveraging-excel-40.html

"We're tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments."

"The emails claim to originate from The Johns Hopkins Center with titles like "WHO COVID-19 SITUATION REPORT." The emails contain attached Microsoft Excel files alleged to contain statistics on Covid-19 cases, and if opened, will use Excel 4.0 macros to install and run NetSupport Manager. While NetSupport Manager is a legitimate tool for remote control and desktop access, Microsoft claims it's known to be abused by attackers to run code on compromised machines."

"From there, the NetSupport RAT (Remote Access Tool) connects to a C2 server to administer more commands, and also runs "several .dll, .ini, and other .exe files, a VBScript, and an obfuscated PowerSploit-based PowerShell script."

https://twitter.com/MsftSecIntel/status/1262504864694726656
#2
On Mon, 25 May 2020 00:33:24 -0000 (UTC), Arlen Holder wrote:
Microsoft warns of massive phishing campaign leveraging Excel 4.0 macros
https://www.techspot.com/news/85356-microsoft-warns-massive-phishing-campaign-leveraging-excel-40.html

"We're tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments."

"The emails claim to originate from The Johns Hopkins Center with titles like "WHO COVID-19 SITUATION REPORT." The emails contain attached Microsoft Excel files alleged to contain statistics on Covid-19 cases, and if opened, will use Excel 4.0 macros to install and run NetSupport Manager. While NetSupport Manager is a legitimate tool for remote control and desktop access, Microsoft claims it's known to be abused by attackers to run code on compromised machines."

"From there, the NetSupport RAT (Remote Access Tool) connects to a C2 server to administer more commands, and also runs "several .dll, .ini, and other .exe files, a VBScript, and an obfuscated PowerSploit-based PowerShell script."

https://twitter.com/MsftSecIntel/status/1262504864694726656

What's dangerous is not the phishing mails or the malware code which comes with them. It's the victims.
#3
Arlen Holder wrote:
Microsoft warns of massive phishing campaign leveraging Excel 4.0 macros
https://www.techspot.com/news/85356-microsoft-warns-massive-phishing-campaign-leveraging-excel-40.html

"We're tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments."

"The emails claim to originate from The Johns Hopkins Center with titles like "WHO COVID-19 SITUATION REPORT."

I've gotten bunches of emails recently with Excel macro-enabled files (xlsm) attached. I think I've seen this one, but most of them purport to be bills from someplace I've heard of but have not done any business with. NOD32 is doing a pretty good job of weeding them out.

--
Tim Slattery
tim at risingdove dot com
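For attachments like the macro-enabled .xlsm files mentioned in the post above, the following is an added example (not part of the thread and not Microsoft's tooling) of a static check that lists Excel 4.0 macro sheets and VBA parts in an OOXML workbook without opening it in Excel. It assumes the ZIP-based OOXML container only; legacy .xls files are reported as not OOXML. The function names `triage_workbook` and `build_sample` are hypothetical.

```python
import io
import re
import zipfile

# Content types Excel gives macro-bearing parts of an OOXML workbook.
XLM_TYPES = {"application/vnd.ms-excel.macrosheet+xml",
             "application/vnd.ms-excel.intlmacrosheet+xml"}
VBA_TYPE = "application/vnd.ms-office.vbaProject"
MAX_CT_SIZE = 1 << 20  # refuse to inflate an oversized [Content_Types].xml


def triage_workbook(data: bytes) -> dict:
    """List Excel 4.0 (XLM) macro sheets and VBA parts without opening the file in Excel."""
    found = {"ooxml": False, "xlm_sheets": set(), "vba_parts": set()}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return found  # legacy .xls (OLE2) or not a workbook: needs a different parser
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return found
        found["ooxml"] = True
        if zf.getinfo("[Content_Types].xml").file_size <= MAX_CT_SIZE:
            ct_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            for tag in re.findall(r"<Override\b[^>]*>", ct_xml):
                part = re.search(r'PartName="([^"]*)"', tag)
                ctype = re.search(r'ContentType="([^"]*)"', tag)
                if not (part and ctype):
                    continue
                if ctype.group(1) in XLM_TYPES:
                    found["xlm_sheets"].add(part.group(1))
                elif ctype.group(1) == VBA_TYPE:
                    found["vba_parts"].add(part.group(1))
        # Part paths are checked too, in case the content-type map is incomplete.
        for name in names:
            low = name.lower()
            if low.startswith("xl/macrosheets/") and low.endswith(".xml"):
                found["xlm_sheets"].add("/" + name)
            elif low.endswith("vbaproject.bin"):
                found["vba_parts"].add("/" + name)
    return found


def build_sample(parts: dict) -> bytes:
    """Constructed test input: a minimal ZIP with the given part names and bodies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A non-empty `xlm_sheets` set in an unsolicited attachment is a reason to quarantine the message for analysis rather than deliver it.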