Microsoft urgently warns about a phishing campaign that uses malicious Excel macros to hack PCs
Security team with Microsoft's Security Intelligence has issued an emergency warning about a "massive" fraud campaign that could affect the millions of Microsoft users they've been following for days. In this campaign, the hacker will try to install the remote access tool on the target PC by tricking the victim into opening an email attachment containing a malicious Excel 4.0 macro.
According to the results of Security Intelligence's investigation, this fraudulent campaign 'follows' the hot topic currently translated as COVID-19. It started being deployed on May 12 and has so far spread hundreds of malicious, well-designed attachments to the internet environment. These malicious files will often be included in fake fake emails, from reputable sources like WHO, Johns Hopkins Center and other international public health organizations.
If the recipient tries to open the attached malicious Excel files, he or she will see the content displayed as a security warning and a chart of COVID-19 infections around the world. But if allowed to run, the malicious Excel 4.0 macro will download itself and run a program called NetSupport Manager.

Basically, NetSupport Manager is a legitimate remote access tool, but in this case, it can be abused by an attacker to gain remote access to the target computer, then customize it. intentionally run malicious commands on compromised systems, Security Intelligence warns.
'In the past few months, we have noticed a steady increase in the use of malicious Excel 4.0 macros in many malware attack campaigns. The Excel 4.0 campaigns have shown signs of booming since the beginning of April and mostly follow the theme of COVID-19 '.
- Microsoft Security Intelligence
Notably, although hundreds of malicious files have been distributed and tampered with in various attacks, they all connected to the same URL to download malicious payloads to the system. infected.
Recently, TipsMake also had a number of articles warning readers about the situation of hackers actively taking advantage of the complicated evolution of the COVID-19 epidemic to deploy online fraud and spread malware. on a global scale. In late April, Google said it successfully blocked millions of malicious COVID-19-related emails on Gmail every day.
In general, the form of malicious phishing attachments in emails has been designed more sophisticatedly but it is not new in nature. Even so, it will still be dangerous for ordinary users who do not have a lot of security knowledge.
You can turn off macros in Excel if you do not use this feature to prevent risks.
You should read it
- Excel continues to be used as a lure for online fraud with complex mechanisms
- How to identify phishing emails
- Forecast 2021: The world of security will be devastated by ransomware '
- Outlook on Android is about to add phishing email feature
- Warning of phishing attacks based on fake Zoom meetings
- Hacking court computer systems to spread malicious emails, hackers jailed for 145 months
- Hackers found a way to bypass Microsoft Office 365 Safe Links
- Hackers add new tricks to 'extort money' for victims of Covid-19 season
May be interested
- A series of supercomputers in Europe were suddenly attackedthe number of supercomputers affected in this incident amounted to more than 12.
- Detecting a Thunderbolt flaw allows a hacker to steal system data for 5 minutesrecently, international security researcher bjorn ruytenberg unexpectedly discovered a vulnerability called 'thunderspy' that exists in thunderbolt ports, allowing hackers to easily steal data.
- Many websites were hacked, changing content into gambling advertisementsmany websites have gov.vn domain names of state agencies hijacked by hackers, changing the content into advertisements for pages for online gambling website v8 *****.
- Kaspersky accused the APT32 hacker group of using the Google Play Store to spread spyware for yearskaspersky security researchers found a malicious campaign called phantomlance targeting android device users.
- Warning: Phishing attacks targeting Microsoft Teams show signs of sharp increasemicrosoft teams is reluctant to be the new target that online scammers are targeting.
- Shade Ransomware stopped working, apologized to the victims, and released 750,000 decryption keysthe people behind the operation of shadow ransomware have officially issued a statement of decommissioning, released over 750,000 decryption keys, and publicly apologized for the damage they have caused to the victims.