Kaspersky researchers have found multiple COVID-19-related malicious e-mail campaigns and hundreds of downloadable files that attempt to infect users’ devices with threats. While news on the coronavirus spread continues to appear and dominate the headlines, attackers are also looking for opportunities to use this topic for malicious purposes. This is a very dangerous practice, as it exploits people’s concerns for their health and safety of their beloved ones in attempt to pressure them into falling for a trick.
The researchers have detected malicious files that were masked under the guise of pdf, mp4 and docx files about the coronavirus. The names of files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures, which is not actually the case. In fact, these files contained threats to users’ devices.
“The coronavirus, which is being widely discussed as a major news story, has already been used as bait by cybercriminals. Now, the number of users whose devices have had malicious files named after the coronavirus on them has risen to 403 in 2020, with a total of 2,673 detections and 513 unique files distributed. While the numbers rose significantly compared to the initial statistics we have shared, this threat is still rather minimal” – comments Anton Ivanov, malware analyst at Kaspersky.
Some malicious files are spread via email. For example, an Excel file distributed via email under the guise of a list of coronavirus victims allegedly sent from the World Health Organization (WHO) was in fact a Trojan-Downloader, which secretly downloads and installs another malicious file. This second file was a Trojan-Spy designed to gather various data, including passwords, from the infected device and send it to the attacker.
Security researcher at Kaspersky, Tatyana Scherbakova, has elaborated on the mechanics of such scams: “We were detecting emails offering products such as masks leading to phishing websites or fake offerings of vaccines, since the COVID-16 epidemic started. Yet lately we saw more elaborate spam campaigns that mimic the World Health Organization (WHO). Cybercriminals recognise the important role WHO has in providing trustworthy information about the coronavirus.
Users receive emails allegedly from WHO, which supposedly offer information about safety measures to be taken to avoid infection. Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals. This scam looks more realistic than other examples we have seen lately”.
In the meantime, governments and businesses across the world are increasingly encouraging home working in a bid to slow the spread of COVID-19/coronavirus. It is likely that, where feasible, companies will allow more people than ever before to work remotely, so now is a good time for organisations to re-examine security around remote access to corporate systems. Once devices are taken outside of a company’s network infrastructure and are connected to new networks and Wi-Fi, the risks to corporate information increase.
“We would encourage companies to be particularly vigilant at this time, and ensure employees who are working at home exercise caution. Businesses should communicate clearly with workers to ensure they are aware of the risks, and do everything they can to secure remote access for those self-isolating or working from home.
In addition to the increase in remote working, we have also seen cybercriminals trying to piggyback on the virus, hiding malicious files in documents purporting to relate to the disease. So, with this opportunistic approach by criminals, coupled with changes to working habits, it’s wise for businesses to be extra vigilant at this time,” comments David Emm, principal security researcher, Kaspersky.
There are a number of simple steps that can be taken to reduce the cyber-risks associated with coronavirus.
Write to us firstname.lastname@example.org