As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who’ve taken advantage of the opportunity to target victims with scams or malware campaigns.
According to a new report published by Check Point Research, today hackers are exploiting the COVID-19 outbreak to spread their own infections. This includes registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware on the dark web.
Domain Name Purchases Increased Dramatically
In the past three weeks alone, we have noticed a huge increase in the number of domains registered. The number of new domain registrations is 10 times the average number found in previous weeks. “0.8 percent of these domains are malicious websites (93 websites). Another 19 percent were found to be suspicious (more than 2,200 websites).”
The seller “True Mac” is selling a 2019 MacBook Air model for a mere $390, billed as their “corona special offer.” It goes without saying the offer is a scam.
A Long List of Coronavirus-Themed Attacks
The latest developments add to a long list of cyberattacks against hospitals and testing centers. Phishing campaigns that distribute malware, along with malware and ransomware attacks, aim to profit off the global health concern. Below are some that we have noticed.
- A COVID-19-themed malspam campaign targeted the manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetic industries via Microsoft Word documents that exploit a two-and-a-half-year-old Microsoft Office bug in Equation Editor to install AZORult malware. The AZORult info stealer has also been distributed using a fraudulent version of the Johns Hopkins Coronavirus Map in the form of a malicious executable.
- A fake real-time coronavirus tracking Android app, called “COVID19 Tracker,” was found to abuse user permissions to change the phone’s lock screen password and install CovidLock ransomware, which demands a $100 bitcoin ransom.
- Another phishing attack, uncovered by Abnormal Security, targeted students and university staff with bogus emails in a bid to steal their Office 365 credentials by redirecting unsuspecting victims to a fake Office 365 login page.
- Comment spamming attacks on websites that contained links to a seemingly innocuous coronavirus information website but redirected users to dubious drug-selling businesses.
- Aside from malware-laden spam emails, F-Secure researchers have observed a new spam campaign that aims to capitalize on the widespread mask shortage by tricking recipients into paying for masks, only to send them nothing.
Be Mindful of What You Click
Although we hope you have several layers of protection in place to help keep our systems and data safe, there is no replacement for the human element in the equation. Watch out for emails and files received from unknown senders. Most importantly, check a sender’s email address for authenticity, and don’t open unknown attachments or click on suspicious links. Avoid emails that ask you to share sensitive data such as account passwords or bank information. Also, no one from a help desk will ask you for your password via email or text message.