Microsoft is warning of an ongoing COVID-19 themed phishing campaign that installs the NetSupport Manager remote administration tool.

In a series of tweets, the Microsoft Security Intelligence team outlines how this “massive campaign” is spreading the tool via malicious Excel attachments.

The attack starts with emails pretending to be from the Johns Hopkins Center, which is sending an update on the number of Coronavirus-related deaths there are in the United States.

Malicious COVID-19 themed email
Malicious COVID-19 themed email

Attached to this email is an Excel file titled ‘covid_usa_nyt_8072.xls’, that when opened, displays a chart showing the number of deaths in the USA based