Cybercriminals Use 'COVID-19' as Discount Codes to Buy Malware
The coronavirus pandemic has been described as one of the biggest challenges humankind has faced over the last few decades, and if you think that this is an exaggeration, you need to think again. As of the time of writing, there are close to a quarter of a million confirmed cases, and the death toll sits at a little over 10 thousand. Governments are imposing restrictions of all sorts in an attempt to stop the spread of the virulent disease, much of the civilized world's economy is pretty much at a standstill, and the effects of all the measures will likely be much more long-lasting than the pandemic itself. In the underground cybercrime world, however, all is well.
Cybercriminals have taken notice of COVID-19
While most people are trying to come up with ways of dealing with the situation, others are trying to take full advantage of it. For the past couple of months, cybercriminals have exploited the COVID-19 outbreak in various ways. They have used the panic surrounding it and the demand for news to spread misinformation, they've weaponized tracking tools to distribute data-stealing malware, and they've even used coronavirus-related news to make their malicious payloads harder to detect.
As more and more people are forced to stay at home, the time they spend on their computers is increasing, which means that if anything, the COVID-19 outbreak might actually have a positive effect on the hackers' business. In fact, Checkpoint researchers have found evidence that this might indeed be the case.
Malware and stolen goods traders offer discounts amid the Coronavirus pandemic
It looks like the coronavirus is fueling competition and creating a healthy business environment on the dark web.
A malware trader offers a special 10% coronavirus discount. Source: Checkpoint
As you can see from the screenshot above, one of the crooks has organized a special sale and offers a 10% "CoronaVirus discount" on all of the products they're selling. Those who take advantage of the offer will get a few hacking tools on the cheap, and they'll need to thank an infectious disease for it.
A group of hackers offer to hack Facebook accounts at a 15% discount to people who use the "COVID-19" code. Source: Checkpoint
Bargain-hunting cybercriminals might also be interested in what a group of hackers called SSHacker has to offer. A generous 15% discount is awaiting everyone who wants to use SSHacker's Facebook hacking services. All shoppers need to do is use the "COVID-19" discount code during the checkout process.
A MacBook Air offered for less than $400 on an underground market. Source: Checkpoint
COVID-19 discounts aren't limited to hacking tools and services. As you can see from the screenshot above, people who roam the dark web in search of some
stolen cheap hardware can take advantage of a "Corona Special Offer" and get a MacBook Air for just $390. As you might imagine, the origin of the device remains unknown.
All in all, the underground business is thriving despite the pandemic. The opportunities for a quick and easy profit are plentiful, and most crooks are not going to turn them down. That being said, some criminals seem to be understanding the seriousness of the situation. You might even go as far as saying that they're showing something close to compassion.
The Maze ransomware gang announce that they'll offer discounts for their victims
Catalin Cimpanu, a security reporter for ZDNet, recently stumbled upon an "official press release" issued by the operators of the Maze ransomware, which he shared with his Twitter followers.
Maze ransomware gang "official press release" on coronavirus pandemic
Oh... bless their souls.... and then set them on fire! pic.twitter.com/ygYAcejtIJ
— Catalin Cimpanu (@campuscodi) March 19, 2020
The crooks said that in the middle of a global pandemic, they want to "help commercial organizations as much as possible." Because of this, all companies who have been hit by their ransomware will have the chance to get their data decrypted at a discount. The announcement also states that, at least for now, the Maze ransomware will not be attacking medical and healthcare organizations of any kind. What the crooks didn't say is why they're referring to their victims as "partners."
It's hardly a lesson in altruism, but it is more than what we've seen from other hacking groups.