Microsoft warned users about a persistent email phishing threat that targets users with morbid lures related to the coronavirus and portraits of leading medical institutions.

COVID-19 email scams have been rampant since the pandemic began, with malicious vendors looking to profit from the fear and increased Internet usage. The Microsoft Security Intelligence Team is tracking what it claims to include the latest death toll from John Hopkins, a pioneer in coronavirus mapping and case tracking.

However, according to Microsoft, the Excel attached to the email not only displays a graph of coronavirus-related deaths in the U.S., but when opened, the hostile file prompts users to "enable content."

If this action is performed by an unsuspecting victim, the malicious macro in the Excel file downloads and installs the NetSupport Manager client using a remote access trojan, or RAT.

NetSupport Manager's remote administration tools allow hackers to hijack a user's system and execute commands remotely.

The Microsoft Security Intelligence team issued this alert via Twitter, using a thread to explain how many different dirty Excel files all trace to the same URL.

"Hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all connect to the same URL to download the payload," Microsoft wrote. NetSupport Manager is known to be exploited by attackers to remotely access compromised machines and execute commands."

The NetSupport Manager tool is useful for bona fide remote administration, but is easily exploited by RAT hackers.

If a malicious vendor gains access to your system via NetSupport Manager, your entire computer is at risk. Hackers have the means to command your machine, install files, and steal your personal data.

A healthy dose of skepticism can help protect your information and your devices. If you receive an email from someone outside of your contact list, do not click on the link inside, but look up the sender's email address.

Malicious addresses often also contain misspelled words or random combinations of letters and numbers.

It may also help to install and run the best antivirus software for Windows as well as Mac and Android. Most of the attacks seen in recent months are already well known and are detected and stopped by AV software.