In an attempt to capitalize on coronavirus fears, scammers are launching new phishing campaigns with false tips against the virus or links to purchase personal protective equipment to spread their malware among victims or steal their personal information.
These cybercriminals usually reach users via WhatsApp messages or emails disguised as legitimate correspondence from a reliable national or international, Spanish or Italian, body or organization. All these messages prey on users’ concerns about the ongoing pandemic to lure them into downloading an attachment or clicking on a link.
CoronaVirus is the name of a new type of malware that spreads through an installation program downloaded from a phishing website. This malicious website, WiseCleaner.best, is a knock-off of WiseCleaner.com, a legitimate website providing free utilities for Windows that allow users to improve their computer’s performance. The legitimate WiseCleaner website offers a disk cleanup and defragmentation utility. The hackers are aware that during lockdowns, many users are taking the opportunity to run maintenance tasks on their personal computers.
Once the malicious installer is downloaded and executed, it downloads and executes a series of files from a remote website. The first file it runs is an information stealer that retrieves cookies and login information from web browsers, instant messengers, VPN and FTP clients, email addresses, gaming accounts and other services.
Other times hackers resort to sending emails from addresses masquerading as legitimate addresses from a department of the company or organization that the user works for, in order to dupe him/her into downloading or installing a malicious attachment, such as in this case.
This email is addressed to “all” and indicates that the company is about to activate its protocol for contagious diseases, prompting the user to download the attached PDF file for more information. Clicking on the document causes the malware to download.
It is important to remain vigilant against any suspicious message, as scammers reinvent themselves and are always looking for new ways to hoax users.
In Italy, a campaign has been detected that spreads through a deceptive email sent from a fake account, supposedly belonging to a doctor working for the World Health Organization. The message warns about the rising number of cases in the reader’s region, and prompts recipients to download and open the attached document for more information.
Once the victim opens up the file, a message is displayed instructing him/her to click on the “enable content” button to properly view it.
And that’s when the malicious functions are executed, extracting several files that install and run the Trickbot malware.
The malicious program gathers information from the device, steals data and administrator credentials and scouts the user’s network for more information to then download another threat that encrypts files in all computers connected to the network.
Another message that is being disseminated invites users to open an attachment containing updated information about contagions.
These emails are sent from addresses masquerading as official organizations, such as the CDC, the U.S. Centers for Disease Control and Prevention. The appended email contains a list of coronavirus cases in the user's area.
In an attempt to exploit users’ appetite for information on how the virus is spreading, the cybercriminals have embedded a malicious program in a map of virus infections by location. What it really does is trick users into downloading and running a malicious application that compromises the device.
To avoid falling victim to this specific type of fraud, the most important thing is to:
- Refrain from opening coronavirus-related emails, except those coming from trustworthy sources. If not sure, it is advisable to cross-check the information with other sources.
As a general measure to detect malicious emails and guard against phishing, please observe the following tips:
- Verify the sender of the message and, in case of doubt, use another channel, such as a smartphone, to confirm its veracity.
- Check the destination address before clicking on a link.
- Be wary of messages urging you to take immediate actions.
- Do not download attachments or click on links you’re not expecting to receive or that come from sources you’re not familiar with.
- Keep all your apps and devices up to date.
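The tip about checking the destination address can be automated, for example in a mail filter. The following is an added example, not code from the original article: it flags a link whose host imitates a trusted domain, as WiseCleaner.best imitates WiseCleaner.com. The allowlist, the function names and the similarity threshold are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed allowlist: domains the user really intends to visit.
TRUSTED = {"wisecleaner.com", "who.int", "cdc.gov"}

def host_of(url):
    """Return the lower-cased hostname of a link, with or without a scheme."""
    parts = urlsplit(url if "//" in url else "//" + url)
    return (parts.hostname or "").rstrip(".")

def classify(url, trusted=TRUSTED, threshold=0.8):
    """Return (verdict, trusted_domain); verdict is trusted, lookalike or unknown."""
    host = host_of(url)
    if not host:
        return ("unknown", None)
    # A host is trusted only if it is the domain itself or a true subdomain.
    for dom in trusted:
        if host == dom or host.endswith("." + dom):
            return ("trusted", dom)
    labels = host.split(".")
    for dom in sorted(trusted):
        # Simplification: the first label of the trusted domain is its brand.
        brand = dom.split(".")[0]
        # Same brand under another TLD or parent domain (wisecleaner.best).
        if brand in labels:
            return ("lookalike", dom)
        # Near-miss spellings; short brands are skipped to limit false hits.
        if len(brand) >= 5 and any(
            SequenceMatcher(None, label, brand).ratio() >= threshold
            for label in labels
        ):
            return ("lookalike", dom)
    return ("unknown", None)

if __name__ == "__main__":
    # Sample links: the two sites named in the article plus constructed ones.
    for link in ("https://www.wisecleaner.com/", "WiseCleaner.best",
                 "http://wisecleanner.com/setup", "https://example.org/"):
        print(link, "->", classify(link))
```

A "lookalike" verdict means the link borrows a trusted name without being under the trusted domain, so it should be blocked or reviewed rather than opened.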
Also, the World Health Organization has created a section on its webpage to debunk some of the myths surrounding the virus and how it spreads.
In case of doubt, always check with reliable sources and ignore message threads and audio clips received via WhatsApp.
And remember, always, even under special circumstances, you’re the best defense.