Sunday, June 7, 04:03
Home security Microsoft: Hackers use legal RAT in phishing campaign

Microsoft: Hackers use legal RAT in phishing campaign


Microsoft warns about one phishing campaign on him COVID-19, which is currently in progress and is installing it tool Remote Management NetSupport Manager.

Η team Microsoft Security Intelligence describes how this "mass campaign" spreads the tool via maliciously attached Excel documents.

The attack starts with me Phishing emails who say they come from Johns Hopkins Center, which sends an update about him number of deaths in the United States, related to him COVID-19.

There is one in this phishing email Excel file entitled «Covid_usa_nyt_8072.xls», which when opened, displays a graph showing the number of deaths in USA, based on data from them New York Times.


The document contains malicious macros and asks the user to do "Enable Content". If the user clicks, they will be executed malicious macros to download and install the NetSupport Manager client from a remote website.

“Hundreds of unique Excel files in this phishing campaign use extremely obfuscated formulas, but they all lead to the same URL and download the payload. NetSupport Manager is often used by hackers to gain remote access and execute offenses. computers"Microsoft said in a tweet.

NetSupport Manager is one remote remote legal tool. However, hackers use it as remote access trojan.

When installed, it allows one hacker to acquire him complete control of the infected machine and execute commands remotely.

In this particular attack, the NetSupport Manager client will be saved as dwm.exe file under a random% AppData% folder and it will start.

As the remote management tool appears to be legal, something unusual may not be noticed by them. users.

After some time, the NetSupport Manager RAT will be used to further compromise the victim's computer by installing other tools and scripts.

Anyone affected by this phishing campaign should react as they respond to violations. data and in the theft of passwords.

It is also possible that the attackers are using the infected machine to spread across the network.

After "cleaning" the infected device, the codes access the rest of the computers on the network will have to be changed and they will need to be investigated for possible infections.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


Lyrics from AI technology or from people: Can you tell them apart?

While a large percentage of people can recognize when they are talking on a chatbot instead of a human operator, it seems that this is not the case ...

Technology and children: When are they ready for safe use?

Today's children and teens use various messaging apps and social media to ...

Call of Duty Black Ops Cold War: The first video leaked

The first video from the gameplay of Call of Duty 2020, which is rumored to be called Black Ops Cold War, has just been revealed.

Elon Musk: "It's time to break up Amazon"

Elon Musk intensifies the fight with Jeff Bezos with a new tweet: The General Manager of Tesla Inc., Elon Musk, said ...

Attack on America's 5G towers on Saturday!

Protests over 5G connectivity are scheduled to take place over the weekend, according to NATE. According to a recommendation that was identified ...

Windows 10 Updates: You can block them with Wu10Man!

Microsoft launched the Windows 10 update in May 2020, so it will be available on your computer soon ....

ECh0raix Ransomware: New campaign targets QNAP NAS devices!

Malicious agents behind eCh0raix Ransomware have launched a new campaign targeting QNAP NAS devices. ECh0raix was observed ...

Mac: How to change the storage location of your screenshots?

When you take screenshots on your Mac device using the Shift-Command-3 shortcut to take a screenshot of the entire computer screen or Shift-Command-4 ...

Malware USBCulprit: Aims devices that are not connected to a network

Did you think that devices without any connection to a local or other network (air-gapped devices) are safe? Think again! The USBCulprit malware that ...

Free Microsoft Teams: You can finally create meetings!

Users of the free version of Microsoft Teams can now create video meetings. The change, identified by ...