Cybercriminals are exploiting fear of the coronavirus outbreak in China to spread malware to thousands of devices worldwide via malicious emails that supposedly offer preventive measures against the deadly virus, according to a new report by IBM X-Force Exchange.
“The practice of leveraging worldwide events by basing malicious emails on current important topics has become common among cybercriminals. Such a strategy is able to trick more victims into clicking malicious links or opening malicious files, ultimately increasing the effectiveness of a malware campaign,” IBM Security said in its report.
The first major malware campaign detected by IBM’s X-Force targeted Japan, mainly the major population centres of Gifu, Osaka and Tottori. Users were sent emails disguised as official messages from a disability welfare service provider in Japan.
The text states that “There have been reports of coronavirus patients in the Gifu prefecture in Japan and urges the reader to view the attached document,” which is supposedly a notice regarding infection prevention measures.
The attachments, disguised as Microsoft Word documents, contain malicious payloads linked to the infamous Emotet malware family. Once opened, the malware can “harvest user credentials, browser history, and sensitive documents that will be packed and sent to attacker-controlled storage servers.”
Besides stealing sensitive information, the affected machine can be used to send malicious spam messages to other targets, thereby increasing the reach of the malware.
“This new approach to delivering Emotet may be significantly more successful, due to the wide impact of the coronavirus and the fear of infection surrounding it,” IBM Security added in the report. “We expect to see more malicious email traffic based on the coronavirus in the future, as the infection spreads. This will probably include other languages too.”
Last Thursday, security experts at Kaspersky Lab also discovered malware-infected emails about a new strain of coronavirus. The malicious files were disguised as legitimate file formats, such as pdf, mp4 or docx files, to hide their true nature and spread the payload.
“The file names imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures, which is not actually the case,” Kaspersky Lab said.
In reality, these files contained a range of different cyber threats, including Trojans and worms. The malware can destroy, block, modify and copy data from the targeted computer network, as well as interfere with the operation of computers or computer networks.
“So far we have seen only 10 unique files, but as this sort of activity often happens with popular media topics, we expect that this tendency may grow. As people continue to be worried for their health, we may see more and more malware hidden inside fake documents about the coronavirus being spread,” said Kaspersky malware analyst Anton Ivanov in a statement.
To protect yourself from these malicious programmes, do not open emails from unknown senders promising updates on the Wuhan coronavirus, and do not open attached files or click on suspicious links. Also, check the file extension of any file you download.
“Documents and video files should not have been made either .exe or .lnk formats,” Kaspersky noted.
Additionally, ensure that the anti-virus software and associated files on your device are up to date.
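The extension check advised above can be automated at a mail gateway or in a triage script. The following Python sketch is an added example, not code from IBM, Kaspersky or this article: it flags attachments whose final extension is .exe or .lnk and marks them as disguised when a pdf, mp4 or docx extension comes before it. The function names and the sample email are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# From the article: Kaspersky says documents and videos should never be .exe or .lnk,
# and the lures posed as pdf, mp4 or docx files.
EXECUTABLE_EXTS = {".exe", ".lnk"}
DECOY_EXTS = {".pdf", ".mp4", ".docx"}

def classify(filename):
    """Return 'disguised', 'executable' or 'ok' for one attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = filename.strip().rstrip(". ").lower()
    # Every dot-separated piece after the first is treated as an extension;
    # padding spaces around a piece are stripped so "a.pdf   .exe" still matches.
    exts = ["." + piece.strip() for piece in name.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if any(e in DECOY_EXTS for e in exts[:-1]):
        return "disguised"   # e.g. instructions.mp4.exe
    return "executable"

def scan_message(raw_bytes):
    """List (filename, verdict) for every flagged attachment in a raw email."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname and classify(fname) != "ok":
            findings.append((fname, classify(fname)))
    return findings

def build_sample():
    """Constructed test email; addresses, names and bytes are made up."""
    m = EmailMessage()
    m["From"] = "notice@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "Infection prevention notice"
    m.set_content("Please view the attached document.")
    for name in ("prevention-notice.docx", "instructions.mp4.exe",
                 "update.pdf.lnk", "setup.exe"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, verdict in scan_message(build_sample()):
        print(f"{verdict:10} {fname}")
```

A name check only covers the disguised-extension case Kaspersky describes; it says nothing about what a file with a legitimate document extension contains.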
Recently, social media platforms such as Facebook and Twitter have tried to enforce measures in order to protect the general public from incorrect information regarding the outbreak.
The coronavirus that originated in the Wuhan district in China has been declared a public health emergency by the World Health Organisation (WHO).