Criminal hackers exploit fear of coronavirus to spread malware

Cyber criminals are using the fear surrounding the coronavirus outbreak to infect the devices of unsuspecting victims with malware.

The malware, delivered via an email attachment, was discovered by Kaspersky Lab and IBM X-Force.

Kaspersky’s findings

The emails flagged by Kaspersky contained malware hidden within PDF, docx and MP4 files presented as containing information on coronavirus protection, detection and developments.

Anton Ivanov, a malware analyst at Kaspersky, said: “The corona virus, which is currently hotly debated in the media, has been used as a bait by cybercriminals. So far, we’ve only identified ten unique files, but since this type of activity is common to popular media topics, we expect this number to increase. As people continue to worry about their health, fake documents that are said to educate them about the corona virus may be spreading more and more malware.”

IBM X-Force’s findings

Meanwhile, IBM X-Force discovered emails with attached Word documents infected with the Emotet malware.

The emails, sent to people in Japan, state that the coronavirus has reached several Japanese prefectures and urge the recipient to open the attached document for more information. Once they do, Emotet is installed on their device.

IBM X-Force believes that “This new approach to delivering Emotet may be significantly more successful, due to the wide impact of the coronavirus and the fear of infection surrounding it”. It also expects similar emails to target other countries.

Emotet malware

Emotet began as a banking Trojan in 2014 and was used to steal users’ credentials and financial information by scraping and eavesdropping on network traffic. The compromised information was sent back to command-and-control servers through cookies in HTTP requests.

Since then, Emotet has evolved to be run as malware-as-a-service, allowing cyber attackers to use it to distribute different payloads.

The extent of the coronavirus campaign

Only a few emails have been caught so far, so the full extent of the malware campaign cannot yet be gauged.

Kaspersky Lab said that “The current number of infected users is not high enough to comprehensively know about the distribution methods of these files. But looking at previous cases, we can assume that users receive them from prepared attackers’ sites on the subject of coronavirus and via malicious email.”

