Careful!
- High public interest in the Coronavirus is being exploited by cybercriminals, and the number of disinformation campaigns is increasing.
- At least six different types of malware were distributed via email, in messages with Coronavirus as the subject.
- At least two state-sponsored operations have been reported worldwide.
Summary
Because of the Coronavirus pandemic (officially called COVID-19), the public's high interest in both the spread of the virus and its methods of infection and prevention has been exploited.
Cybercriminals take advantage of this context to launch scam or malware campaigns, mostly via e-mail. Moreover, cybersecurity experts from DomainTools point out that in recent weeks the number of new domain registrations with coronavirus or covid in the name has increased. Their monitoring has led to the conclusion that most of these domains are involved in malicious campaigns.
Additionally, over the past two weeks, the interest generated around COVID-19 has also been exploited to spread disinformation for political purposes:
- In Ukraine, on February 20, 2020, there were public protests and confrontations based on false information claiming that the number of victims increased due to the repatriation of infected people from abroad.
- According to US officials, thousands of social media accounts of Russian origin, through a coordinated effort, released false information and alerts in connection with the Coronavirus, complicating the fight against this virus globally.
The most common themes within these phishing campaigns were the following:
- Real-time information about Coronavirus infections
  Access only globally trusted sources and avoid installing apps or software to automatically display this information on your devices!
- Alerts on behalf of infectious disease centers
- Information about the spread of the Coronavirus
- Tips from the experts
- Analyses of the impact of the pandemic in different fields of activity, especially in the economic sector
- Offers to invest in various protective measures, cures, vaccines and other miracle drugs
- "Interesting" information and videos regarding the Coronavirus
- False information about the origin of the virus, as well as blaming certain states for its creation and spread
- Fake news about the number of victims and how governments are handling the situation, which aims to spread fear and discontent among the population.
The main methods used to defraud victims were the following:
- Phishing emails
- Malicious attachments (MS-Word, PDF, images, etc.)
- Malicious links
- Fake websites, including one case impersonating the World Health Organization
- Sites that ask for email credentials to allow file downloads
- Downloads of files containing malicious applications.
The major malware families used were:
- Emotet – a trojan frequently used as an intermediary for the distribution of other types of malware, including ransomware
- Azorult – malware used for credential theft
- Kiron – a banking trojan of Brazilian origin
- Lokibot – a trojan used to steal information
- Remcos – a remote access trojan (RAT)
- Trickbot – a banking trojan
- Other lesser-known types of malware that aim to collect and exfiltrate victims' information.
Observations
As the Coronavirus situation evolves, the responsible EU authorities are responding with useful information, warnings and other measures to prevent or contain the virus.
Source: CERT-RO