header logo
Mogo Academy
Science & Tech
Microsoft warns Windows 10 users to look out for new threat attacking PCs
May 25, 202010:05 AM
Microsoft warns Windows 10 users to look out for new threat attacking PCs
Mobitel Inner

Windows 10 users need to be aware of a new threat which can let hackers completely take over their machines and execute commands remotely. 

 

This week Microsoft issued a warning about the ongoing and “massive” phishing campaign which tries to take advantage of people’s concerns over the coronavirus. The scam begins with an email being sent claiming to offer an important update on COVID-19, and the message features an Excel document attached.

 

This file is included in a message allegedly from the John Hopkins Center, and when opened it does display a graph showing details on coronavirus cases and deaths.

 

But despite this legitimate looking diagram, the document also contains malicious macros that are executed when the user is prompted to ‘Enable Content’.

 

As reported on in a post by Bleeping Computer, once this is clicked the NetSupport Manager remote administration tool is installed.

 

This commonly distributed hacking tool is a trojan that gives a threat actor remote access to an infected machine.

 

Discussing the threat, the Microsoft Security Intelligence team’s Twitter posted: “The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload.

 

“NetSupport Manager is known for being abused by attackers to gain remote access to and run commands on compromised machines”.

 

The RAT is also capable of compromising a victim’s Windows 10 machine even further by installing other malicious tools and scripts.

 

The Microsoft Security Intelligence Twitter added: “The NetSupport RAT used in this campaign further drops multiple components, including several .dll, .ini, and other .exe files, a VBScript, and an obfuscated PowerSploit-based PowerShell script. It connects to a C2 server, allowing attackers to send further commands”.

 

If you have already fallen victim to this campaign then you should assume your data has been compromised and that a malicious party has tried to steal your passwords.

 

Make sure you clean the infected device and change all passwords on your machine as well as those belonging to other computers on your network.

 

Speaking about the threat Jake Moore, the Cybersecurity Specialist at ESET, said: “Remote attacks are inevitably going to be on the increase as more people access their office networks remotely.

 

“As the UK workforce went home, large numbers of people have fired up their own, and no doubt old, devices to work from.

 

“This increases the chances of attacks without the proper security checks in place, but coupled with authentic-looking emails with a genuine reason to use remote software, it becomes a plausible con.

 

“Moreover, it would seem many people have relaxed their barrier to phishing scams amid the desperation to find the latest COVID-19 news, so when scammers use names like John Hopkins University, this seems to be working better than the classic Netflix or HMRC scams.”

 

Source: Express.co.uk

 

 

 

MostRead
Mobitel Upahara
VideoStories
Former IGP C.D. Wickramaratne found dead in suspected suicide at Malabe residence

Former IGP C.D. Wickramaratne found dead in suspected suicide at Malabe residence

Appeal Courts postpones further hearing of Suresh Sallay’s writ petition to July 21

Appeal Courts postpones further hearing of Suresh Sallay’s writ petition to July 21

“Democracy must be defended from elected leaders” - Former BASL President

“Democracy must be defended from elected leaders” - Former BASL President

Multiple raids conducted at hospitals and medical labs to safeguard public safety

Multiple raids conducted at hospitals and medical labs to safeguard public safety

Cardinal Ranjith files intervening petition seeking dismissal of Suresh Sallay's plea

Cardinal Ranjith files intervening petition seeking dismissal of Suresh Sallay's plea

 Negombo Prison clash : Further hearing of case adjourned until July 23

Negombo Prison clash : Further hearing of case adjourned until July 23

Minister Lalkantha asserts no further increase in paddy prices despite farmer protests

Minister Lalkantha asserts no further increase in paddy prices despite farmer protests

Dengue cases rise to 72,430 islandwide as prevention programmes continue in 63 MOH divisions

Dengue cases rise to 72,430 islandwide as prevention programmes continue in 63 MOH divisions

Opposition submits UN complaint over proposal to extend judges’ retirement age

Opposition submits UN complaint over proposal to extend judges’ retirement age

Dengue cases surge with 15,856 reported in first half of July; Gampaha District tops figures

Dengue cases surge with 15,856 reported in first half of July; Gampaha District tops figures

Wimal Weerawansa’s brother remanded over alleged misuse of state-owned vehicles

Wimal Weerawansa’s brother remanded over alleged misuse of state-owned vehicles

Legal gambling can generate significant state revenue  - Dr. Harsha de Silva at CoPF

Legal gambling can generate significant state revenue - Dr. Harsha de Silva at CoPF

Negombo Prison Clash death toll climbs to 31; 40 officers assigned to probe unrest, court informed

Negombo Prison Clash death toll climbs to 31; 40 officers assigned to probe unrest, court informed

"If IMF is our hope, do we need a President?" Treasury filled by emptying public's pockets: Dilith

"If IMF is our hope, do we need a President?" Treasury filled by emptying public's pockets: Dilith

“Unreported dengue cases may be much higher” Dengue caseload nears 70,000, deaths at 48

“Unreported dengue cases may be much higher” Dengue caseload nears 70,000, deaths at 48

Lassana Flora