COVID-19 a conduit for NetSupport Manager RAT cyberattack
Cybercriminals are still capitalizing on the COVID-19 pandemic, which is affecting people all over the world. Microsoft discovered another phishing scheme related to COVID-19.
The attack starts with an email that provides information on the total number of COVID-19-related deaths in the United States and masquerades as a legitimate email from Johns Hopkins Center. The phishing email contains an Excel file titled “covid_usa_nyt_8072.xls,” which displays a chart of the total number of deaths based on the New York Times.
How does it work?
Once the victim enables macros at the “Macros have been disabled” prompt, the malicious macros run and install the NetSupport Manager client. NetSupport Manager is a legitimate Windows-centric remote-control tool that provides screen control and system management. Cybercriminals abuse this legitimate tool to control a compromised machine.
Once NetSupport Manager is installed on the victim's machine, the cybercriminals have complete control over the infected computer and can execute commands remotely.
This remote administration tool masquerades as the legitimate Desktop Window Manager, so a user looking at Task Manager cannot easily detect the malicious app.
In this specific campaign, the NetSupport RAT is used to drop multiple further components, including several .dll, .ini, and other .exe files, VBScripts, and a PowerSploit-based PowerShell script. It then connects to a C2 server, which allows the attackers to send supplemental commands.
The installed NetSupport Manager RAT will be used to further compromise the victim’s computer by installing other malicious tools and scripts.
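Because the RAT hides behind the Desktop Window Manager name, the image path and the parent process give it away where Task Manager's name column does not. The following is an added example, not code from Microsoft or the original article: a small check over process-creation events. It assumes the masquerading binary reuses the real file name dwm.exe and that Windows is installed in C:\Windows; the event fields and sample events are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any platform

# Assumptions (not from the article): the fake binary reuses the real Desktop
# Window Manager file name, and Windows is installed in C:\Windows.
DWM_NAME = "dwm.exe"
LEGIT_DWM_DIR = r"c:\windows\system32"
OFFICE_PARENTS = {"excel.exe"}  # the lure is a macro-enabled Excel file
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe"}

def _norm(path):
    """Strip quotes, resolve '..' segments and lower-case a Windows path."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def check_event(event):
    """Return the list of findings for one process-creation event."""
    image = _norm(event["image"])
    name = ntpath.basename(image)
    parent = ntpath.basename(_norm(event["parent_image"]))
    findings = []
    # Name matches the system process but the file lives somewhere else.
    if name == DWM_NAME and ntpath.dirname(image) != LEGIT_DWM_DIR:
        findings.append("dwm.exe running outside System32")
    # Excel launching VBScript or PowerShell is typical of macro droppers.
    if parent in OFFICE_PARENTS and name in SCRIPT_HOSTS:
        findings.append("Excel spawned a script host")
    return findings

def scan(events):
    """Return (index, findings) for every event with at least one finding."""
    return [(i, f) for i, e in enumerate(events) if (f := check_event(e))]

# Constructed sample events (hypothetical field names, not a real log schema).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\dwm.exe",
     "parent_image": r"C:\Windows\System32\winlogon.exe"},
    {"image": r"C:\Users\alice\AppData\Roaming\dwm.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\EXCEL.EXE"},
    {"image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\EXCEL.EXE"},
    {"image": r'"C:\Windows\System32\..\Temp\DWM.EXE"',
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Program Files\Microsoft Office\EXCEL.EXE",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["image"], findings)
```
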
How can you protect yourself from this malware?
- Make sure to install antivirus software on your computer for early detection of this malware.
- Refrain from downloading files from unreliable sources.