Several cybersecurity companies have spotted campaigns that use coronavirus-themed emails to deliver malware, phishing attempts and scams.
The new coronavirus outbreak, which started in China, has made a lot of headlines recently and has caused global panic. Over 40,000 infections have been confirmed and the death toll has exceeded 1,000. The virus has been named 2019-nCoV and Covid-19.
Given the virus’s impact, it’s not surprising that cybercriminals and fraudsters have been leveraging the panic for their own gain. Alerts about cyber threats exploiting the coronavirus outbreak have been issued by several firms and new campaigns continue to emerge.
One new campaign, spotted by researchers at Proofpoint this week, leverages the potential disruptions caused by the coronavirus to global shipping. The attackers seem to target the manufacturing, industrial, finance, transportation, pharmaceutical and cosmetic industries.
In this operation, cybercriminals believed to be located in Russia and Eastern Europe are sending out emails with specially crafted Word documents set up to exploit a Microsoft Office vulnerability discovered back in 2017. If the flaw is successfully exploited, a variant of the AZORult information-stealing malware is delivered.
The malicious emails warn potential victims about the impact of the coronavirus on the shipping industry.
Proofpoint and IBM reported in late January that they had observed malicious documents set up to deliver the notorious Emotet banking trojan. The operation has been attributed to a known cybercriminal group and it’s aimed at users in Japan.
Kaspersky has seen campaigns delivering malware via PDF, DOCX and MP4 files claiming to provide information on the new coronavirus. “The file names imply that they include virus protection instructions, current threat developments and even virus detection techniques,” Kaspersky said.
As for phishing campaigns, the most widely seen phishing emails purport to come from the World Health Organization (WHO) and the U.S. government’s Centers for Disease Control and Prevention (CDC).
The fake WHO emails, spotted by Sophos, claim to provide information on “safety measures regarding the spreading of corona virus.” The fake CDC emails, seen by AppRiver and KnowBe4, take it one step further and inform recipients that cases of the coronavirus have been confirmed in their city.
The links included in these emails take users to a webpage where they are asked to provide the username and password for their email account.
Malwarebytes has come across scam emails titled “URGENT: Coronavirus, Can we count on your support today?” These messages ask recipients to make donations and direct them to an application through a link that appears to point to the website of Hong Kong’s Department of Health.
While the malicious emails and phishing websites are not particularly sophisticated or well designed, many users are still likely to take the bait, including from their work devices, which can cause serious problems for enterprises that don’t have efficient security systems in place.
Imperva has reported seeing a sharp increase in comment spam campaigns leveraging the coronavirus. The individuals behind these operations have been posting comments on various websites in an effort to lure users to bogus pharmacies and other shady websites.