Security researchers are discovering a number of malicious attacks designed to exploit public fears around COVID-19, more commonly just called coronavirus. The attacks to date take two major forms: a map that looks legitimate but downloads malware, and various document attachments that purport to provide health and safety information related to COVID-19.
The coronavirus heat map may look legitimate, in that it takes information from Johns Hopkins University’s page, which is itself clean. However, nefarious actors have created a package for sale on the dark web called “corona-virus-map.com”, which uses AzoRult malware. AzoRult can steal credentials and credit card information. Links to sites bearing this malware have been spread through email.
The second type of attack also arrives via email. These emails contain attachments that look like official information on how to prevent coronavirus, complete with stolen pictures and logos. Some attachments download trojans and other malware, while others ask victims to verify email addresses and passwords, which are then captured by the attackers.
Unfortunately, such attacks and scams are likely to continue in the weeks ahead.
Recommendations
KuppingerCole’s advice is:
- Beware of phishing. Remind users not to click suspicious links and attachments. Make enterprise users and friends and family aware of these scams.
- Use email security gateways. If you’re using a SaaS-delivered email service, opt for any additional security screening if available.
- Use anti-malware products on all endpoints. Keep subscriptions current.