Microsoft warns of 'massive' COVID-19 email phishing campaign: What to do

(Image credit: solarseven/Getty Images)

If you receive an email claiming to show a COVID-19 "Situation report" from Johns Hopkins Center, don't click on it.

Microsoft has put out a warning against a "massive" phishing campaign that tries to trick people into opening email attachments containing malicious Excel 4.0 macros. The campaign, which started on May 12, uses COVID-19 news as a lure to get people to open an email and download infected attachments. Microsoft wrote in a Twitter thread that the attackers have used "several hundreds" of unique attachments.

The phishing emails claim to come from Johns Hopkins Center and contain the subject line "WHO COVID-19 SITUATION REPORT." Don't open this email. If you do, and you opened the attached Excel files, you'll see a security warning before a graph of US coronavirus cases appears. 

(Image credit: Microsoft Security Intelligence)

You might think you're in the clear, except that while you're looking at the data, a malicious Excel 4.0 macro downloads in the background and runs NetSupport Manager RAT, a remote access tool often misused by cybercriminals to gain access to computers. Worst yet, the NetSupport RAT unloads more components that connect to a C2 server and gives attackers the ability to send further commands. 

Phishing campaigns are increasing in frequency as remote work becomes more common during the COVID-19 pandemic. 

"For several months now, we’ve been seeing a steady increase in the use of malicious Excel 4.0 macros in malware campaigns," Microsoft's Security Intelligence team tweeted. "In April, these Excel 4.0 campaigns jumped on the bandwagon and started using COVID-19 themed lures." 

What to do

Be extra cautious when opening emails from an unknown sender. Even if an email domain looks legit, it's always a good idea to do a Google search to see if others have flagged it as a phishing attempt. 

The Federal Trade Commission has some useful tips on how to spot a phishing campaign and avoid opening malicious links. We recommend visiting the FTC website and familiarizing yourself with these guidelines.

You should also download good antivirus software on your laptop or desktop. Antivirus apps will flag phishing sites for you, but don't rely on them to catch everything. Keep in mind that phishing websites can be hard to spot and the more advanced attempts can bypass antivirus detections. 

Phillip Tracy

Phillip Tracy is the assistant managing editor at Laptop Mag where he reviews laptops, phones and other gadgets while covering the latest industry news. After graduating with a journalism degree from the University of Texas at Austin, Phillip became a tech reporter at the Daily Dot. There, he wrote reviews for a range of gadgets and covered everything from social media trends to cybersecurity. Prior to that, he wrote for RCR Wireless News covering 5G and IoT. When he's not tinkering with devices, you can find Phillip playing video games, reading, traveling or watching soccer.

Latest in Antivirus & Cyber-security
TP-Link routers targeted by Chinese state-sponsored cyber attacks
TP-Link routers may face nationwide ban after 'significantly alarming' link to US cyberattacks
What is a VPN kill switch — and why you should use one
You need a VPN for school, here are 3 services we recommend
The AMD Ryzen and NVIDIA RTX stickers on the Acer Nitro 17
'You basically have to throw your computer away': Researchers explain AMD 'Sinkclose' vulnerability, but do you need to worry?
Google Search
This malware is posing as Google Authenticator using Google ads — here's how to protect yourself
Windows 10 BSOD saying "It's not you, it's me."
Microsoft reveals CrowdStrike outage could have a surprising long-term impact on everyday users
MANILA, PHILIPPINES - JULY 19: Long queues of passengers form at the check-in counters at Ninoy Aquino International Airport, amid a global IT disruption caused by a Microsoft outage and a Crowdstrike IT problem, on July 19, 2024 in Manila, Philippines. A significant global outage affecting Microsoft services, particularly Microsoft 365, has caused widespread disruptions across various sectors, including airlines, banks, and health systems. The outage was attributed to a glitch in CrowdStrike's "Falcon Sensor" software, which impacted Windows systems, leading to thousands of flight cancellations and operational chaos in multiple industries. Microsoft has reported that the underlying cause of the outage has been fixed, but residual effects continue to impact some users as the company works on full recovery. (Photo by Ezra Acayan/Getty Images)
The CrowdStrike outage spotlights major vulnerabilities in the global information ecosystem
Latest in News
A close-up of a light-colored computer keyboard shows the keys T, Y, G, and H replaced by the logos of OpenAI, DeepSeek, Grok, and Gemini, the leading competitors in the artificial intelligence market. This serves as a visual metaphor for the intense rivalry and innovation in the AI industry. (Photo by Matteo Della Torre/NurPhoto via Getty Images)
Is generative AI inadvertently reducing the voices of many to the banality of one?
WWDC 2025 could mark the beginning of the end for certain iPhone users
Error when installing Google Chrome on the Asus Vivobook 16 Flip, on a white desk against a blue background.
"This app can't run on your PC": Google's Chrome Installer broke on Windows, but there's a fix
Nintendo Switch 2 handheld gaming console
Nintendo Switch 2 preorder date: It might be a lot closer than you think, say tipsters
Microsoft Surface Laptop (7th Edition, 2024)
Windows-on-Arm woes: Amazon warns customers about Surface laptop returns
Apple Watch Series 8
Siri is the biggest obstacle to making the Apple Watch an AI hit