SANS ISC shares another sophisticated attack: a highly realistic email that resembles an official notice and may trick users into clicking on malicious links or taking other unsafe actions … Please be extra cautious, especially if you must now work from home, where the more robust corporate defense systems that usually catch these items may not be available.

Reader Andrew received a COVID-19 themed email with a malicious attachment and submitted the complete email. The email body is a fake message from criminals cautioning their victims that documents are required to leave their house during a “National State of Emergency”; these documents are conveniently attached to the email. The attachment is a ZIP file. This PowerShell script downloads 3 files. These sites too are no longer active, but a quick search reveals that this is the KPOT infostealer.