Exploiting whatever is trending to make a quick buck has always been a favourite tactic of financially motivated cybercriminals. Every week we hear about breaches that exploit the buzz around festivals, awards, celebrities, events, and so on. The latest Coronavirus pandemic is no exception. Cyber thugs are up and running, exploring new strategies that steer the growing curiosity around Coronavirus (COVID-19) to lure more victims.
Such highly sophisticated strategies are becoming more frequent as people seek rescue from the growing affliction. Our threat researchers at K7 Labs are encountering tens and hundreds of such instances every day.
A few days ago, we saw an instance of attackers stealing users' personal and financial information and injecting malicious code under the guise of dashboards offering real-time infection levels for the Coronavirus pandemic. These spoofed dashboards look identical to the legitimate sources, and it is quite challenging to spot any difference from the original ones.
Our researchers at K7 Labs have found multiple instances of phishing emails intended to drop malware payloads on targets' systems. To earn victims' trust, the attackers impersonate the World Health Organisation (WHO) or other medical specialists. Such emails usually come with a list of precautionary measures and conclude by pointing to the malicious attachment. Once the victim downloads and opens it, the malware takes over the system.
There are multiple instances of similar phishing emails targeting enterprises as well. The senders of these emails impersonate trusted authorities such as FedEx Express or Maersk and send a fake advisory notice with a malware payload. Such malware is instructed either to steal user credentials from the system's browser or to install banking Trojans, ransomware, and spyware to do further damage.
To make sure victims fall prey, the attackers also use convincing subject lines such as "Coronavirus (COVID-19) latest updates" and send the email under the cloak of a trusted authority such as the Ministry of Health. These spoofed emails come with a similar list of instructions to be followed by the administration and compel the reader to download the attached file for more guidance. Once the reader downloads and opens it, the file installs malware on their system.
The attackers are also taking several other routes, such as SMS messages and calls instructing the recipient to download a specific application. Such phishing incidents have already been noticed in many countries in Europe, Asia and the U.S.
To capitalise on the awful airborne Coronavirus, the adversaries have also crafted a few Coronavirus-themed ransomware strains. One such ransomware, called Coronavirus, is actively spreading through a spoofed website. The phishing website is a clone of the site of a popular and legitimate system maintenance app, WiseCleaner. The impersonating website looks much like the original one and delivers the ransomware, which encrypts the system and injects itself into the Windows bootloader.
Another ransomware for Android devices, dubbed COVID19 Tracker, is also doing the rounds on the internet. The ransomware hides inside an app that claims to offer a real-time Coronavirus infection tracking dashboard. Once installed, the app asks for access to specific phone settings. Once that access is granted, the ransomware locks the device and demands $100 in Bitcoin within a set period. If the victim fails to pay, the ransomware threatens to wipe the device storage and leak the social media credentials stored on it.
As if that were not enough, attackers are also offering malware and hacking tools on the dark web with “COVID-19” codes. For instance, they are offering a Facebook hacking tool at $300 with a “15% coronavirus discount.”
Fraudsters are pushing a bunch of online advertisements too. These advertisements claim, with a sense of urgency, to cure COVID-19 infection. If anyone clicks on the call-to-action button, the ad either redirects the machine to download malware, or steals the victim's Personally Identifiable Information (PII) and sends something useless in return.
Lockout stalkers & prying eyes
Amid the rising fear and anxiety around us, we should be prepared to tackle threats, online and offline, smartly and stay safe. Here are a few safety tips to stay away from the risks mentioned above:
- Always check the sender's email address to verify the authenticity of the sender.
- Before clicking on any link, hover over it to check the URL, and look up the original URL through your browser's search engine.
- Update your operating system and application software whenever updates are available. Developers usually roll out patches and updates with fixes for discovered vulnerabilities to keep rogue cybercriminals at bay.
- Be careful before opening any email attachment. Delivering ransomware through file attachments is an old and popular method. Never open email attachments coming from an unfamiliar or untrusted source.
- Bookmark the websites you visit frequently. It helps you avoid mistyping website URLs. Many cyber attackers host websites with URLs that look similar to those of popular sites.
- Double-check the sender’s name in the email signature.
- Ensure there are no unwanted characters or typographical, grammatical or sentence phrasing errors in the email.
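
The sender check and the link-hover check from the list above can be automated in a mail filter or triage script. The Python below is an added example, not K7 Labs code; the brand-to-domain table, the function names and the sample message (with `example.net` and `example.org` as placeholder domains) are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: senders the article says are impersonated, mapped to their real domains.
BRANDS = {r"world health organi[sz]ation|\bwho\b": "who.int",
          r"\bfedex\b": "fedex.com", r"\bmaersk\b": "maersk.com"}

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

class Links(HTMLParser):
    """Collect [href, visible text] for each <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def triage(msg):
    findings = []
    name, addr = parseaddr(str(msg["From"]))
    sender = addr.rpartition("@")[2].lower()
    for pattern, domain in BRANDS.items():  # display name vs. real sender domain
        if re.search(pattern, name.lower()) and not in_domain(sender, domain):
            findings.append(f"display name claims {domain}, sender domain is {sender}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_content())
            for href, text in parser.links:  # the "hover" check: shown host vs. href host
                shown = re.search(r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
                if shown and not in_domain(urlparse(href).hostname or "", shown.group(1)):
                    findings.append(f"link text shows {shown.group(1)} but href is {href}")
    return findings

def sample():
    m = EmailMessage()  # constructed message, not a captured phishing email
    m["From"] = "World Health Organization <advisory@example.net>"
    m.set_content('<a href="http://example.org/x">https://www.who.int/advice</a>', subtype="html")
    return m
```

Calling `triage(sample())` returns one finding for the mismatched sender domain and one for the link whose visible text and destination differ.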