• ProgIST CyberSec Division

Beware of the other virus – Coronavirus themed phishing attacks in action



If health issues were not enough to worry about with the new coronavirus, here’s one more thing:

Scammers are using the outbreak to steal your information through phishing attempts or to lure you into downloading a different kind of virus

As the coronavirus is spreading across the globe, people are naturally searching online for the latest information and updates on how it might affect them, and what they can do to protect themselves.

Taking advantage of this situation for their own gain, cyber-criminals around the globe have found the coronavirus serving them well as an enabler for their activities, and are riding the wave of the epidemic. Cyber-criminals are exploiting interest in the global epidemic to spread their malicious activity, with several spam campaigns relating to the outbreak of the virus.

Since January 2020, there have been over 4,000 coronavirus-related domains registered globally. Out of these websites, 3% were found to be malicious and an additional 5% are suspicious. Coronavirus- related domains are 50% more likely to be malicious than other domains registered at the same period.

Many of these domains are used for phishing attempts. As of now, many web-pages are spotted likely known to be related to malicious activities that lure the victims to fake websites with discussions around the virus, as well as from scam websites that claim to sell face masks, vaccines, and home tests that can detect the virus.

Case Study

A widespread targeted coronavirus themed phishing campaign was recently spotted targeting organizations worldwide, hitting over 10% of all organizations in Italy with the aim of exploiting concerns over the growing cluster of infections in the country. Here is an example of the mail content:

Clicking on “enable editing” and “enable content” inside the attachment file will lead to the download of Ostap Trojan-Downloader, which is known to be a Trickbot downloader. Trickbot is a prodigal banking Trojan constantly being updated with new capabilities, features and distribution vectors. This enables Trickbot to be a flexible and customizable malware that can be distributed as part of multi-purpose campaigns.

How to stay protected

The question arises: How to avoid falling victim to these scam attempts?

We recommend the following things for safe online behavior:

  • Be cautious with emails and files received from unknown senders, especially if they prompt for a certain action you usually would not do.

  • Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page.

  • Beware of “special” offers. “An exclusive cure for Coronavirus” is usually not a reliable or trustworthy purchase opportunity, but most likely fraud. At this point of time there is no cure for the coronavirus and even if there was, it definitely would not be offered to you via an email.

  • Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.

Source credits

  • LinkedIn
  • Twitter
  • Facebook

© 2020 by Progist.