August 6, 2020 (877) 771-2384 sales@wheelhouseit.com Fort Lauderdale · New York · Los Angeles

How Hackers Use COVID-19 Fears to Spread Malware

By Nick B

While businesses and consumers alike have been concerned about staying healthy and about the impact of quarantines and lockdowns on daily life since COVID-19, the novel coronavirus infection, was named a global pandemic, malicious coders have found a way to use those worries to their advantage.

As COVID-19 spreads throughout the physical world, computer viruses such as TrickBot, Lokibot, and AgentTesla are spreading digitally. This malware steals information from the computers it infects. How has this happened?

Computer viruses are not new, and neither is the specific method that hackers are using to defraud users. Some of these phishing attempts come in the form of legitimate-appearing emails that encourage users to log in. However, when recipients click the links in those messages, they arrive at fake sites that save their login data. A hacker can then use this data to log into the actual website with the victim's credentials.

If the victims use the same login data for multiple sites, hackers can access even more of their information and money. However, hackers may be able to sell information gleaned from phishing attacks for an even bigger payout.

Recorded Future reports that one of the recent phishing messages impersonates Nguyen Xuan Phuc, the prime minister of Vietnam, and encourages users to download an archive that supposedly contains his statements about the pandemic. When recipients click on these files, however, malicious code is downloaded to their systems and reports back to the group's server.

A group called Mustang Panda, which has been described as a persistent threat with ties to China by security firm CrowdStrike, is behind some of these recent phishing attacks. In the past, the group has been known to target American think tanks and non-government organizations.

Another group with ties to Iran has scammed Iranian citizens into downloading an Android app that ostensibly tracks the COVID-19 outbreak. In actuality, the app tracks the location and movement of malware victims. In the case of malware known as AZORult, the malware is able to download itself to victims' computers once they click a link that will supposedly show them an outbreak map.

These are just a few examples of malware related to the recent COVID-19 pandemic. According to a recently published report by Malwarebytes, the Pakistani group APT36 has been disseminating a spreadsheet that was supposedly a health advisory but instead downloads a trojan known as Crimson to the user's computer. This malware can steal credentials and take screenshots of the infected computer.

Users should beware phishing attacks like these, which are likely to continue. XSS, a Russian forum for cybercriminals, advertised phishing kits that display real-time information from the World Health Organization. Would-be hackers can spend just $200 to gain access to this kit, which exploits citizens' fear amid the COVID-19 outbreak.

However, it's not just citizens who should be on alert for these malware attacks. The vice president of information security at Interfaith Medical Center in New York, Chris Frenz, relates that scammers are pretending to be from the Centers for Disease Control and Prevention. But when recipients click the included link, malware deploys on their computers. Frenz also warns that scammers might try to take advantage of the shortage of necessary medical supplies, including gloves and masks.

Because hospitals are under so much pressure, staff members may not take the proper precautions to verify the identity of a message's sender before clicking these links. This has prompted The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency to advise organizations to "adopt a heightened state of cybersecurity."

As more employees start working remotely, sometimes from personal devices, organizations must implement security processes to prevent malware like 2018's SamSam ransomware, which infiltrated Hancock Health in Indiana. One such option is to utilize a VPN when employees sign on remotely. Ransomware hijacks a user's system unless they pay up. Even then, scammers may not be true to their word.

When they can, hackers are not afraid of spreading misinformation, either. The United States Department of Health and Human Services website experienced a website hack that involved false information, in just one example of this behavior.

While these hackers are taking advantage of the alarm -- and sometimes panic -- caused by COVID-19, it's only the most recent current event that has provided such an opportunity. This has led security firms to be nearly as busy as medical professionals.

Users should remember security best practices in the face of these threats.

  • Carefully examine messages for signs of veracity.
  • Only sign in to sites by typing the URL into your browser. Do not click links in messages.
  • Do not download email attachments before scanning them with antivirus software.
  • Access government and medical websites directly for updates about COVID-19.

Businesses can contact us for more security advice.

These practices will protect users against cyber attacks and not just those related to COVID-19, allowing us to focus on staying healthy and safe.
