Cybercriminals Use Coronavirus-Themed Spam to Spread Malware

Coronavirus Malspam Campaign

The Wuhan coronavirus (also known as 2019-nCoV) is still dominating the news, and unfortunately, this is unlikely to change any time soon. The death toll rises at an alarming rate, and people are on the verge of panic, which is good news for cybercriminals.

Over the last few days, hackers have been using coronavirus-themed spam emails to distribute malware. According to ThreatPost, researchers from Kaspersky and IBM's X-Force have detected several different malspam campaigns that use the deadly virus as a lure.

Many spammers try to take advantage of the coronavirus outbreak

Apparently, the emails Kaspersky's researchers detected were sent by several different groups of hackers. Unfortunately, the experts didn't go into too many details on how the traps were set. There isn't a whole lot of information on the contents of the email and the attached malware, either.

The researchers did say, however, that they've seen ten different attachments distributing a wide variety of trojans and worms that can steal, destroy, and modify data and interfere with the way your computer and network works. The files use the coronavirus as bait and are disguised as PDF and DOC documents as well as MP4 videos.

Some spammers put more thought into their campaigns than others

Unlike Kaspersky, IBM reported on a single campaign organized by what looks like a group of more sophisticated cybercriminals. The hackers use a botnet to fire a large number of emails at users in various bits of Japan.

The messages are in Japanese, and they're purportedly coming from a local disability welfare service provider. The victims are fooled into thinking that the email is sent from organizations in their own prefectures, which makes the message look far more convincing, and for good measure, the criminals have included the correct contact details for the said organizations in the footer.

The victims are told that new cases of the coronavirus have been registered in their region, and they are urged to open an attached Word document, which supposedly gives them tips on what they can do to protect themselves. Those who do open the attachment, however, see a generic Office 365 message urging them to click the "Enable Content" button. When that's done, macro instructions run an obfuscated VBA script, which downloads and installs Emotet on their computer.

The hackers have really tried to maximize their chances of success with this campaign. Japan's geographical proximity to the epicenter of the outbreak, coupled with the convincing-looking emails, can certainly fool a lot of people. Even campaigns that are not as well-engineered as this one can succeed, however, because people are completely terrified by the threat of the new coronavirus.

The disease is indeed pretty horrific, and the news coming from China and other parts of the world isn't very good. People are scared, which gives scammers a brilliant opportunity to deceive them in many different ways.

The sad truth is, no matter how horrifying the news reports are, you must keep your wits about you, both online and in the real world.

February 3, 2020

Leave a Reply