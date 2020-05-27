NEW DELHI: Cybercriminals have found a new way to take advantage of the coronavirus pandemic to hack user data. They’re using email attachments containing malicious Excel 4.0 macros that can put malware on a user’s device.

The excel sheets claim to provide trackers, data and graphs on the pandemic, something that many will be interested in, but actually contain malicious code.

What’s interesting is that the data in these sheets actually look real. Microsoft Security Intelligence, Microsoft’s own team, sent out an alert with one such spreadsheet. The image shows an excel file which claims to have data on the virus coming from Johns Hopkins University, and it looks quite real.

“We're tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros," the company wrote in a tweet. “The covid-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments," it added.

“According to Microsoft, the attachment says it’s a spreadsheet, and it really is: if you open it you will see a genuine-looking graph of coronavirus statistics for the USA," security company Sophos wrote in a blog post. But the company pointed out small errors in the spreadsheet which make it clear that it’s spam.

For instance, while John Hopkins University runs its own covid-tracker that’s available to everyone, the spreadsheet claims that the data is from the New York Times. Also, the subject line of the email this file is being sent in says “Covid-19 [Month Day] Horrible Charts]". A legitimate tracker would not have included the word ‘horrible’, which is meant to spread fear among people. Sophos pointed out that this is a surefire sign that the file isn’t legitimate and shouldn’t be opened.

While this type of an attack falls under the category of phishing only, it’s part of a sub-category that has caught up over the past few years. “The jargon term ‘malspam’ has caught on in recent years to describe this sort of attack — unwanted mass email that is malevolent by design because it actively aims to disseminate malware," wrote Sophos.

