Microsoft Users Beware! Coronavirus-Related Malware Lurks in Excel Spreadsheets

After months of quarantine and extended stay-at-home orders, many places prepare to slowly reopen and allow people to try to get back to their routines. Most people are itching to forget about the months they spent cooped up working from home.

Everyday individuals may look forward to the change, but for cybercriminals, that change doesn't matter. Crooks show no sign of stopping their many scams, most of which have come to revolve around COVID-19.

Coronavirus gripped the world, and now that it's starting to show signs of maybe letting go, or at least loosening its grip a bit, people are excited. Cybercriminals remain persistent with their scheming. The deadly virus has proved quite profitable for those who care not about morality and decency, but money.

Coronavirus Plagued the World, Coronavirus-Related Malware – the Web.

Cybercriminals thrived during the pandemic. They crafted an array of phishing schemes and spread malware through a variety of malvertising campaigns. They attempted to extort businesses, organizations, and individuals via ransomware. And that's not all; there's much more.

There are countless statistics released about the exponential increase of COVID-19-related attacks.

Fig.1
Zscaler statistics about COVID-19-related attacks compared to non-Coronavirus ones from January to March. Source: zscaler.com

As you can see from the chart below, there has been an outright explosion of newly-registered sites related to Coronavirus. Suffice it to say, not all of them were created by well-wishers for the greater good. Behind most of them, you find cybercriminals with malicious intentions.

Fig.2
The growth of newly-registered COVID-19-related sites from January to the first week of April included. Source: zscaler.com

One of the latest scams, circulating the web, relates to Microsoft Excel. In case you're unfamiliar, it's a spreadsheet program that allows the user to create tables, do calculations, use graphing tools, and more. Nowadays, it also enables cybercriminals to spread malware.

A Warning From the Microsoft Security Intelligence Team.

The Microsoft Security Intelligence Team warned of two grand-scale Coronavirus-related phishing campaigns exploiting the Excel program. The hackers behind the attack attempt to dupe users into downloading and opening corrupted Excel files, which allow these hackers to access the system remotely once the files have been downloaded and opened.

As stated, the corrupted Excel files carrying the malware get distributed via malvertising campaigns. Some of the emails the hackers send out to unsuspecting victims-to-be claim to come from Johns Hopkins University. Others try to lure people in with COVID-19 information, like offering testing, charts, maps, and whatnot.

The emails pop up in your inbox, along with Excel documents as attachments. The attachments carry titles like 'WHO COVID-19 SITUATION REPORT.' That's a quite purposeful attempt by the hackers to fool you into letting your curiosity get the better of you. The files carry embedded code that, once a file is opened, sneakily installs the remote desktop access tool NetSupport Manager.

Below, you can see two tweets by the Microsoft Security Intelligence account cluing web users into the scheme, and the threat of NetSupport Manager.

Fig.3
Microsoft Security Intelligence tweet warning of the dangers the malvertising campaign carries. Source: twitter.com

Fig.4
Microsoft Security Intelligence tweet displaying an example phishing email. Source: twitter.com

Living off the Land.

NetSupport Manager is a legitimate and otherwise trustworthy program. It's an official tool you can turn to in a time of need. Remote assistance systems, like NetSupport Manager, are a godsend if you're dealing with a technical PC issue you can't fix but, say, your friend can, from their house. TeamViewer, LogMeIn, and Quick Assist are other such helpful tools, which, like NetSupport Manager, can be of great use. However, cybercrooks have come to take advantage of them.

Since the program is a legitimate, verified tool, anti-malware applications don't acknowledge it as a threat, so it manages to slip past your defenses. The attackers use it as a means to an end – to seize control of your computer for their nefarious purposes. Once they control your PC, they can access the files and programs you keep on it remotely. Passwords, logins, bank credentials, email addresses, social media accounts, and private messages are just the tip of the iceberg. All that and more falls into the hands of malicious cybercriminals. Not to mention, they can dump an array of harmful malware to further corrupt your machine. There is a glimmer of hope that should the hackers attempt that, your system's defenses will manage to catch the malware as a threat, and at least warn you about it.

There is a term for what these crooks are doing. It's called 'living off the land.' To elaborate, living off the land means using legitimate tools in malicious, unlawful ways.
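Because the tool itself is legitimate, a defender has to judge the context it runs in rather than the file. The Python sketch below is an added example, not part of the original article: it flags a remote-access tool that descends from an Office application or runs from a user-writable folder. The event fields, binary names, and paths are assumptions, and the sample events are constructed.

```python
import ntpath

# Assumed binary names for the tools the article lists (not taken from the article).
REMOTE_TOOLS = {"client32.exe": "NetSupport Manager", "teamviewer.exe": "TeamViewer",
                "logmein.exe": "LogMeIn", "quickassist.exe": "Quick Assist"}
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

# Constructed process-creation events (pid, parent pid, image path), oldest first.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Users\alice\AppData\Roaming\Support\client32.exe"},
    {"pid": 600, "ppid": 1, "image": r"C:\Windows\System32\services.exe"},
    {"pid": 500, "ppid": 600, "image": r"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe"},
    {"pid": 700, "ppid": 100, "image": r"C:\Program Files\TeamViewer\TeamViewer.exe"},
]

def office_ancestor(pid, procs):
    """Walk parent links from pid; return the first Office app found, else None."""
    seen = set()
    while pid in procs and pid not in seen:  # 'seen' guards against pid loops
        seen.add(pid)
        image, pid = procs[pid]              # step to this process's parent
        name = ntpath.basename(image).lower()
        if name in OFFICE_APPS:
            return name
    return None

def triage(events):
    """Return alerts for remote-access tools started in a suspicious context."""
    procs, alerts = {}, []
    for ev in events:
        procs[ev["pid"]] = (ev["image"], ev["ppid"])
        tool = REMOTE_TOOLS.get(ntpath.basename(ev["image"]).lower())
        if tool is None:
            continue                         # not a remote-access tool
        reasons = []
        ancestor = office_ancestor(ev["ppid"], procs)
        if ancestor:
            reasons.append("descends from " + ancestor)
        if any(marker in ev["image"].lower() for marker in USER_WRITABLE):
            reasons.append("runs from a user-writable path")
        if reasons:                          # a normal install started normally stays quiet
            alerts.append({"pid": ev["pid"], "tool": tool, "reasons": reasons})
    return alerts
```

On the sample events, only the copy of the tool dropped under AppData and started beneath Excel is reported; the installed copies started by the service manager or the desktop shell are not.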

If you wish to avoid dealing with all that, you must be wary. Caution is key. Upon receiving an email, inspect it. Make sure it comes from a legitimate source: do you know the sender, do you recognize the email address, did you expect the email? Every detail helps.

Once you open it, look at the grammar and punctuation. Most scammers make mistakes in their haste to send out their lure. Also, sometimes they send their scammy emails in a language they don't speak. Look at the text with great care. If it urges you to 'open a link' or 'download an attachment,' don't comply immediately. Inspect further, and make sure what you read is trustworthy and safe. Vigilance is your best friend. It can save you a ton of energy, time, and issues, which you'll otherwise spend dealing with scammers and malware. Protect yourself. Be thorough.

June 8, 2020
