Fake News Uses Coronavirus To Spread Malware

Cybercriminals are using fake email messages about coronavirus Covid-19 to spread the Emotet Trojan as well as other malware, according to a report released this week by Kaspersky.

In Japan, the messages carry the Emotet Trojan, a particularly damaging form of malware that has been devastatingly effective in attacking governments and financial institutions.

IBM discovered that cybercriminals were sending emails under the guise of a disability welfare service provider in Japan. The emails falsely claim that there are reports of coronavirus patients in the Gifu, Tottori and Osaka prefectures in Japan, urging victims to read an attached Microsoft Word document which contains the Emotet Trojan.

The messages are particularly dangerous because they were made to look like official government emails, equipped with legitimate addresses, phone numbers and emails.  

Malicious files disguised as documents relating to the coronavirus have also been spotted by Kaspersky’s threat detection technology, exploiting people’s fears of infection to spread malware and other cyber threats. The malicious files discovered by Kaspersky’s researchers were disguised as pdf, mp4 and docx files about the coronavirus. In each case the filenames implied that they contained useful information on how to protect yourself from the coronavirus, information on how to detect it, and news updates.

In reality, the files contained various threats including Trojans and worms capable of destroying, blocking, modifying or copying and exfiltrating personal data, as well as interfering with the victims’ computing equipment or networks.

Coronavirus
Coronaviruses are a family of respiratory infections that includes both mild illnesses such as the common cold and more serious ones such as Sars and Mers. The variant in question emerged in Hubei province in central China in December 2019. It has now spread to every other province of mainland China and several other countries, including Australia, France, Japan, South Korea, Taiwan, Thailand and the US. The nature of coronaviruses and the difficulty of reporting cases accurately in some areas means the true number is probably unknown. The new coronavirus variant has now been named Covid-19 by the World Health Organisation.

Coronavirus News Used To Spread Malware
“The coronavirus, which is being widely discussed as a major news story, has already been used as bait by cyber criminals,” said Anton Ivanov, a malware analyst at Kaspersky. “So far, we have seen only 10 unique files, but as this sort of activity often happens with popular media topics then we expect that this tendency may grow. As people continue to be worried for their health, we may see more malware hidden inside fake documents about the coronavirus being spread.”

High-profile events, news stories and offline threats are almost inevitably exploited by cyber criminals to spread malicious files or run scams on victims and often play on justified concerns. Already in 2020, criminal gangs have exploited the Travelex ransomware attack to conduct telephone scams. As always, users can take a number of simple steps to avoid falling victim to malicious files masquerading as legitimate content. 

Recipients should avoid clicking on unsolicited, suspicious links sent to them that claim to be exclusive content, and should instead go direct to official sources for accurate and trustworthy information on the coronavirus. It is also advisable to look closely at the three-letter file extension, as legitimate documents and video files will rarely if ever be in .exe or .lnk formats.
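The extension check described above can be automated at a mail gateway or in a triage script. The following is an added example, not code from Kaspersky, IBM or this article; the function names are hypothetical and the sample filenames are constructed for illustration.

```python
# Extensions taken from the article: the formats the lures imitated, and the
# formats it says legitimate documents and videos will rarely if ever use.
DECOY_EXTS = {".pdf", ".mp4", ".docx"}
LAUNCHABLE_EXTS = {".exe", ".lnk"}


def classify_attachment(name: str) -> str:
    """Return 'disguised', 'launchable' or 'ok' for an attachment filename."""
    # Windows ignores trailing dots and spaces in filenames, so drop them
    # before deciding which extension is the real one.
    cleaned = name.strip().rstrip(". ").lower()
    # Every dot-separated part after the first is a candidate extension;
    # strip spacing so ".pdf   " still compares equal to ".pdf".
    suffixes = ["." + part.strip() for part in cleaned.split(".")[1:]]
    if not suffixes or suffixes[-1] not in LAUNCHABLE_EXTS:
        return "ok"
    # The final (real) extension is launchable. If an earlier part of the
    # name looks like a document or video type, the name is a disguise.
    if any(s in DECOY_EXTS for s in suffixes[:-1]):
        return "disguised"
    return "launchable"


def scan(names):
    """Return (name, verdict) pairs for every filename that is not 'ok'."""
    results = [(n, classify_attachment(n)) for n in names]
    return [(n, v) for n, v in results if v != "ok"]


# Constructed sample attachment names (not real indicators).
SAMPLE_NAMes = None  # placeholder removed below
SAMPLE_NAMES = [
    "coronavirus-prevention.pdf.exe",
    "Covid-19 news update.MP4.LNK. ",
    "how-to-detect.docx   .exe",
    "health-advice.v2.docx",
    "installer.exe",
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_NAMES):
        print(f"{verdict:10} {name!r}")
```

A "disguised" verdict is the stronger signal for quarantine; "launchable" alone still merits blocking on most mail policies.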

Elsewhere in the industry, the coronavirus outbreak has also begun to affect the IT supply chain. In its most recent quarterly results announcement this week, Apple said it was working on contingency and mitigation plans to protect production facilities in China.

Computer Weekly:        TechRepublic:        BankInfoSecurity
