Cyber criminals are using the fear surrounding the coronavirus outbreak to infect the devices of unsuspecting victims with malware.
The malware, delivered via an email attachment, was discovered by Kaspersky Lab and IBM X-Force.
Kaspersky’s findings
The emails flagged by Kaspersky carried malware hidden inside PDF, docx and MP4 files whose names suggested they contained information on coronavirus protection, detection and developments.
Anton Ivanov, a malware analyst at Kaspersky, said: “The coronavirus, which is currently hotly debated in the media, has been used as a bait by cybercriminals. So far, we’ve only identified ten unique files, but since this type of activity is common to popular media topics, we expect this number to increase. As people continue to worry about their health, fake documents that are said to educate them about the coronavirus may be spreading more and more malware.”
IBM X-Force’s findings
Meanwhile, IBM X-Force discovered emails with attached Word documents infected with the Emotet malware.
The emails, sent to people in Japan, state that the coronavirus has reached several Japanese prefectures and urge the recipient to open the attached document for more information. Once they do, Emotet is installed on their device.
IBM X-Force believes that “This new approach to delivering Emotet may be significantly more successful, due to the wide impact of the coronavirus and the fear of infection surrounding it”. It also expects similar emails to target other countries.
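The lure described above (a coronavirus-themed subject line plus a Word attachment) is something a mail gateway can screen for. The following is an added example, not code from the article, Kaspersky or IBM X-Force: it parses a raw email with Python's standard `email` module, flags risky attachment extensions, and looks inside any OOXML (docx) attachment for a `vbaProject.bin` entry, which is what makes a Word document macro-enabled. The keyword list, extension list and the sample email are constructed for the demonstration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Constructed lists (assumptions for this example, not from the article).
LURE_KEYWORDS = ("coronavirus", "corona virus", "covid", "ncov")
RISKY_EXTENSIONS = (".doc", ".docx", ".docm", ".pdf", ".mp4", ".exe", ".js")


def has_vba_project(data: bytes) -> bool:
    """True if the bytes are an OOXML zip that contains a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip container at all (e.g. PDF, MP4, empty body)


def triage(raw: bytes) -> dict:
    """Score one raw RFC 5322 message: lure wording in the subject + attachment traits."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["subject"] or "").lower()
    findings = {"lure": any(k in subject for k in LURE_KEYWORDS), "attachments": []}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        findings["attachments"].append({
            "name": name,
            "risky_extension": name.endswith(RISKY_EXTENSIONS),
            "macro": has_vba_project(payload),
        })
    findings["suspicious"] = findings["lure"] and any(
        a["risky_extension"] or a["macro"] for a in findings["attachments"]
    )
    return findings


def build_sample_email(with_macro: bool) -> bytes:
    """Constructed sample: a 'coronavirus update' mail with a minimal docx-like attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder-macro-project")
    msg = EmailMessage()
    msg["Subject"] = "Coronavirus infection update for your prefecture"
    msg["From"] = "alerts@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Please open the attached document for more information.")
    msg.add_attachment(
        buf.getvalue(),
        maintype="application",
        subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
        filename="update.docx",
    )
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample_email(with_macro=True)))
```

A document is only reported as macro-enabled when the zip actually contains the VBA project, so the check is independent of the file extension the sender chose; the extension list catches the non-zip formats (PDF, MP4) the Kaspersky samples used.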
Emotet malware
Emotet began as a banking Trojan in 2014 and was used to steal users’ credentials and financial information by scraping and eavesdropping on network traffic. The compromised information was sent back to command-and-control servers through cookies in HTTP requests.
Since then, Emotet has evolved into a malware-as-a-service operation, allowing other cyber attackers to rent it to distribute their own payloads.
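The exfiltration path described above, stolen data carried back to a command-and-control server inside cookies in HTTP requests, leaves a measurable trace: a Cookie header that is far larger and far higher in entropy than a normal session cookie. The following is an added example, not code from the article or from any Emotet analysis, showing one way to score captured HTTP request heads on that basis. The two requests, the size and entropy thresholds and the host names are constructed for the demonstration.

```python
import base64
import hashlib
import math
from collections import Counter


def shannon_entropy(s: str) -> float:
    """Bits per character; ~5.9 for random base64, well under 4 for ordinary cookie values."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_headers(request: str) -> dict:
    """Parse a raw HTTP request head into {lowercase-name: [values]}; the request line is skipped."""
    headers = {}
    for line in request.split("\r\n")[1:]:
        if not line:
            break  # blank line ends the head
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def cookie_payload(request: str) -> str:
    """Concatenate every cookie value (the part after the first '=') from all Cookie headers."""
    values = []
    for raw in parse_headers(request).get("cookie", []):
        for pair in raw.split(";"):
            _, _, value = pair.strip().partition("=")
            values.append(value)
    return "".join(values)


def assess(request: str, max_len: int = 512, min_entropy: float = 4.5) -> dict:
    """Flag a request whose cookie data is both oversized and high-entropy (assumed thresholds)."""
    blob = cookie_payload(request)
    ent = shannon_entropy(blob)
    return {
        "cookie_bytes": len(blob),
        "entropy": round(ent, 2),
        "flag": len(blob) > max_len and ent > min_entropy,
    }


def constructed_blob(rounds: int = 20) -> str:
    """Deterministic high-entropy stand-in for an exfiltrated record (constructed, not real data)."""
    out = b"".join(hashlib.sha256(b"constructed-sample-%d" % i).digest() for i in range(rounds))
    return base64.b64encode(out).decode()


# Constructed sample requests (hosts are placeholders).
BENIGN_REQUEST = (
    "GET /news HTTP/1.1\r\n"
    "Host: www.example.invalid\r\n"
    "Cookie: session=abc123; lang=en\r\n\r\n"
)
SUSPECT_REQUEST = (
    "POST /gate.php HTTP/1.1\r\n"
    "Host: c2.example.invalid\r\n"
    "Cookie: id=" + constructed_blob() + "\r\n\r\n"
)

if __name__ == "__main__":
    for label, req in (("benign", BENIGN_REQUEST), ("suspect", SUSPECT_REQUEST)):
        print(label, assess(req))
```

Both conditions are required on purpose: long cookies alone are common on legitimate sites, and short high-entropy cookies are ordinary session tokens; the combination is what a credential-stealer's cookie channel produces.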
The extent of the coronavirus campaign
Only a handful of emails have been caught so far, so the extent of the malware campaign cannot be fully gauged.
Kaspersky Lab said that “The current number of infected users is not high enough to comprehensively know about the distribution methods of these files. But looking at previous cases, we can assume that users receive them from prepared attackers’ sites on the subject of coronavirus and via malicious email.”
Hello Alice, is it true that the Emotet malware has gone through a few iterations? I.e., its earlier versions arrived as a malicious JavaScript file, and later versions evolved to use macro-enabled documents to retrieve the virus payload from command-and-control servers run by the attackers.