Coronavirus-Themed Emails Deliver Malware, Phishing, Scams

Several cybersecurity companies have spotted campaigns that use coronavirus-themed emails to deliver malware, phishing attempts and scams.

The new coronavirus outbreak, which started in China, has made a lot of headlines recently and has caused global panic. Over 40,000 infections have been confirmed and the death toll has exceeded 1,000. The virus has been named 2019-nCoV and Covid-19.

Given the virus’s impact, it’s not surprising that cybercriminals and fraudsters have been leveraging the panic for their own gain. Alerts about cyber threats exploiting the coronavirus outbreak have been issued by several firms and new campaigns continue to emerge.

One new campaign, spotted by researchers at Proofpoint this week, leverages the potential disruptions to global shipping caused by the coronavirus. The attackers seem to target industries such as manufacturing, industrial, finance, transportation, pharmaceuticals and cosmetics.

In this operation, cybercriminals believed to be located in Russia and Eastern Europe are sending out emails with specially crafted Word documents set up to exploit a Microsoft Office vulnerability discovered back in 2017. If the flaw is successfully exploited, a variant of the AZORult information-stealing malware is delivered.

The malicious emails warn potential victims about the impact of the coronavirus on the shipping industry.

[Image: Coronavirus email delivers malware]

Proofpoint and IBM reported in late January that they had observed malicious documents set up to deliver the notorious Emotet banking trojan. The operation has been attributed to a known cybercriminal group and it’s aimed at users in Japan.

Kaspersky has seen campaigns delivering malware via PDF, DOCX and MP4 files claiming to provide information on the new coronavirus. “The file names imply that they include virus protection instructions, current threat developments and even virus detection techniques,” Kaspersky said.

As for phishing campaigns, the most widely seen phishing emails purport to come from the World Health Organization (WHO) and the U.S. government’s Centers for Disease Control and Prevention (CDC).

The fake WHO emails, spotted by Sophos, claim to provide information on “safety measures regarding the spreading of corona virus.” The fake CDC emails, seen by AppRiver and KnowBe4, take it one step further and inform recipients that cases of the coronavirus have been confirmed in their city.

The links included in these emails take users to a webpage where they are asked to provide the username and password for their email account.

[Image: Fake WHO email leverages coronavirus outbreak]

Malwarebytes has come across scam emails titled “URGENT: Coronavirus, Can we count on your support today?”. These messages ask recipients to make donations and direct them to an application through a link that appears to point to the website of Hong Kong’s Department of Health.

While the malicious emails and phishing websites are not particularly sophisticated or well designed, many users are still likely to take the bait, including from their work devices, which can cause serious problems for enterprises that don’t have efficient security systems in place.

Imperva has reported seeing a sharp increase in comment spam campaigns leveraging the coronavirus. The individuals behind these operations have been posting comments on various websites in an effort to lure users to bogus pharmacies and other shady websites.

Related: Phishing Emails Deliver Amadey Malware to U.S. Taxpayers

Related: Phishing Campaign Impersonates DHS Alerts

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
