Fake News Uses Coronavirus To Spread Malware

Uploaded on 2020-02-10 in TECHNOLOGY--Hackers, FREE TO VIEW

Cybercriminals are using fake email messages about coronavirus Covid-19 to spread the Emotet Trojan as well as other malware, according to a report released this week by Kaspersky

In Japan  the Emotet Trojan, a particularly damaging of malware that has been devastatingly effective, attacking governments and financial institutions. 

An email discovered by IBM found that cybercriminals were sending emails under the guise of being part of a disability welfare service provider in Japan. The emails falsely claim that there are reports of coronavirus patients in the Gifu, Tottori and Osaka prefectures in Japan, urging victims to read an attached Microsoft Word document which contains the Emotet Trojan. 

The messages are particularly dangerous because they were made to look like official government emails, equipped with legitimate addresses, phone numbers and emails.  

Malicious files disguised as documents relating to the coronavirus have also been spotted by Kaspersky’s threat detection technology, exploiting people’s fears of infection to spread malware and other cyber threats. The malicious files discovered by Kaspersky’s researchers were disguised as pdf, mp4 and docx files about the coronavirus. In each case the filenames implied that they contained useful information on how to protect yourself from the coronavirus, information on how to detect it, and news updates.

In reality, the files contained various threats including Trojans and worms capable of destroying, blocking, modifying or copying and exfiltrating personal data, as well as interfering with the victims’ computing equipment or networks.

Coronavirus
Coronaviruses are a family of respiratory infections that includes both mild illnesses such as the common cold and more serious ones such as Sars and Mers. The variant in question emerged in Hubei province in central China in December 2019. It has now spread to every other province of mainland China and several other countries, including Australia, France, Japan, South Korea, Taiwan, Thailand and the US. The nature of coronaviruses and the difficulty of reporting cases accurately in some areas means the true number is probably unknown. The new coronavirus variant has now been named Covid-19 by the World Health Organisation.

Coronavirus News Used To Spread Malware
“The coronavirus, which is being widely discussed as a major news story, has already been used as bait by cyber criminals,” said Anton Ivanov, a malware analyst at Kaspersky. “So far, we have seen only 10 unique files, but as this sort of activity often happens with popular media topics then we expect that this tendency may grow. As people continue to be worried for their health, we may see more malware hidden inside fake documents about the coronavirus being spread.”

High-profile events, news stories and offline threats are almost inevitably exploited by cyber criminals to spread malicious files or run scams on victims and often play on justified concerns. Already in 2020, criminal gangs have exploited the Travelex ransomware attack to conduct telephone scams. As always, users can take a number of simple steps to avoid falling victim to malicious files masquerading as legitimate content. 

Recipients should avoid clicking on unsolicited, suspicious links sent to them that claim to be exclusive content, rather than going direct to official sources for accurate and trustworthy information on the coronavirus. It is also advisableto look closely at the three letter file extension as legitimate documents and video files will rarely if ever be in .exe or .lnk formats.

Elsewhere in the industry, the coronavirus outbreak has also begun to affect the IT supply chain. In its most recent quarterly results announcement this week, Apple said it was working on contingency and mitigation plans to protect production facilities in Chinas.

Computer Weekly:        TechRepublic:        BankInfoSecurity

You Might Also Read: 

Email Malware Targeting US Senators & Military:

 


 

 

« Big Cyber Attack Hits Iran
Spies Really Like Artificial Intelligence »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Booz Allen Hamilton

Booz Allen Hamilton

Booz Allen Hamilton is a management & tech consulting firm. Technology services include cloud computing, cyber security, systems development and integration.

Rubicon Workflow Solutions

Rubicon Workflow Solutions

Rubicon is a leading provider of managed IT support and strategic services, specialising in creative and mixed platform environments.

Tigerscheme

Tigerscheme

Tigerscheme is a certification scheme for information security specialists, backed by University standards and covering a wide range of expertise.

Cryptosense

Cryptosense

Cryptosense provides the first application security software dedicated to the detection and remediation of crypto vulnerabilities.

Clari5

Clari5

Clari5 redefines real-time, cross channel banking Enterprise Fraud Management using a central nervous system approach to fight financial crime.

iQuila

iQuila

iQuila is a virtual overlay network which runs on top of an existing network. It creates a secure software enabled layer 2 connection across the internet or any public or private cloud.

NinjaJobs

NinjaJobs

NinjaJobs is a community-run job platform developed by information security professionals. We focusing strictly on cybersecurity positions.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

Lewis Brisbois

Lewis Brisbois

Lewis Brisbois offers legal practice in more than 40 specialties, and a multitude of sub-specialties including Data Privacy & Cybersecurity.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Turnkey Consulting

Turnkey Consulting

Turnkey Consulting is a leading provider of Integrated Risk Management (IRM), Identity Access Management (IAM), and Cyber and Application Security.

Mosyle

Mosyle

Businesses and educational institutions rely on Mosyle to manage and secure their Apple devices and networks.

Park Place Technologies

Park Place Technologies

Park Place Technologies' mission is to drive uptime, performance and value for critical IT infrastructure.

Omdia

Omdia

Omdia is a technology research and advisory group. Our deep knowledge of tech markets combined with our actionable insights empower organizations to make smart growth decisions.

Benchmark Executive Search

Benchmark Executive Search

Benchmark specializes in finding elite talent for startup, emerging-growth and mid-cap companies offering game-changing technologies or innovative services to the federal and commercial markets.