
Coronavirus-Themed Emails Deliver Malware, Phishing, Scams

Several cybersecurity companies have spotted campaigns that use coronavirus-themed emails to deliver malware, phishing attempts and scams.

The new coronavirus outbreak, which started in China, has made a lot of headlines recently and has caused global panic. Over 40,000 infections have been confirmed and the death toll has exceeded 1,000. The virus has been named 2019-nCoV and Covid-19.

Given the virus’s impact, it’s not surprising that cybercriminals and fraudsters have been leveraging the panic for their own gain. Alerts about cyber threats exploiting the coronavirus outbreak have been issued by several firms and new campaigns continue to emerge.

One new campaign, spotted by researchers at Proofpoint this week, leverages the potential disruptions caused by the coronavirus to global shipping. The attackers seem to target industries such as manufacturing, industrial, finance, transportation, pharmaceuticals and cosmetics.

In this operation, cybercriminals believed to be located in Russia and Eastern Europe are sending out emails with specially crafted Word documents set up to exploit a Microsoft Office vulnerability discovered back in 2017. If the flaw is successfully exploited, a variant of the AZORult information-stealing malware is delivered.

The malicious emails warn potential victims about the impact of the coronavirus on the shipping industry.

[Image: Coronavirus email delivers malware]

Proofpoint and IBM reported in late January that they had observed malicious documents set up to deliver the notorious Emotet banking trojan. The operation has been attributed to a known cybercriminal group and it’s aimed at users in Japan.

Kaspersky has seen campaigns delivering malware via PDF, DOCX and MP4 files claiming to provide information on the new coronavirus. “The file names imply that they include virus protection instructions, current threat developments and even virus detection techniques,” Kaspersky said.

As for phishing campaigns, the most widely seen phishing emails purport to come from the World Health Organization (WHO) and the U.S. government’s Centers for Disease Control and Prevention (CDC).

The fake WHO emails, spotted by Sophos, claim to provide information on “safety measures regarding the spreading of corona virus.” The fake CDC emails, seen by AppRiver and KnowBe4, take it one step further and inform recipients that cases of the coronavirus have been confirmed in their city.

The links included in these emails take users to a webpage where they are asked to provide the username and password for their email account.

[Image: Fake WHO email leverages coronavirus outbreak]

Malwarebytes has come across scam emails titled “URGENT: Coronavirus, Can we count on your support today?”. These messages ask recipients to make donations and direct them to an application through a link that appears to point to the website of Hong Kong's Department of Health.

While the malicious emails and phishing websites are not particularly sophisticated or well designed, many users are still likely to take the bait, including from their work devices, which can cause serious problems for enterprises that don’t have effective security systems in place.

Imperva has reported seeing a sharp increase in comment spam campaigns leveraging the coronavirus. The individuals behind these operations have been posting comments on various websites in an effort to lure users to bogus pharmacies and other shady websites.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.