The emails claim to be from ‘Johns Hopkins Center’ bearing “WHO COVID-19 SITUATION REPORT”. The attached Excel file, if opened, shows security warning show a graph of supposed coronavirus cases in the US. The file contains a malicious Excel 4.0 macro which downloads & runs NetSupport Manager remote administration tool (RAT).

Microsoft has seen several hundreds of unique attachments designed to avoid antivirus scanners. We expect that the details of the attack will change over time with new faked senders, new email subjects and different file types.

The best way to avoid the attack is to be skeptical and “Think Before You Click”. Johns Hopkins does not send attachments in their update emails.

Be skeptical and cautious – Don’t respond to sensational email marketing. If you are not sure if an offer is real or fake, use your browser and trusted sites to research further.

Fore more info see this post from our Security Awareness Training Partner, KnowBe4.