Schemers Are Selling Fake Coronavirus Kits, Scamming Johns Hopkins' Patients, Impersonating WHO Officials

Coronavirus Spam Malware Scams

Last week, the World Health Organization (WHO) declared the COVID-19 outbreak a pandemic, which was always going to put some of us in a state of panic. It's fair to say, however, that by then, people were already quite worried. The novel virus had spread quickly in China and had affected many countries in other parts of the globe, with Italy and Iran suffering the most. Officials the world over asked people not to panic, but perhaps not surprisingly, their pleas fell on deaf ears. People were sent to work at home, some of them went on mad stockpiling sprees, and Wall Street investors got horrible flashbacks of the 2008 financial crisis when they saw how the stock market reacted to the outbreak.

Regardless of who you are and what you do for a living, COVID-19 has most likely affected you in some way. You probably won't be too surprised to hear that the cybersecurity landscape has also been impacted.

For months now, hackers and con artists have been using the panic around the new coronavirus to pull off a number of different cyberattacks and schemes. Whether they're trying to spread misinformation or infect users with malware, the new disease has become an integral part of the plan for many cybercriminals. Today, we'll run you through some of the major scams revolving around the coronavirus, and we'll hopefully help you understand what you should look out for.

Crooks impersonate WHO and other major organizations in order to benefit from the coronavirus panic

In January, we touched upon the spreading of fake news around the coronavirus outbreak, and it should come to you as no surprise that the wave of misinformation hasn't really stopped.

Researchers from ESET recently wrote about a new wave of emails that try to fool you into clicking a link that supposedly contains more information about the outbreak. The experts didn't go into too many details about where this link leads you, but they did note that the message it came in looks rather convincing. The crooks have crafted the email to look like it's coming from the World Health Organization itself. It has WHO's logo on it, and it doesn't appear to have too many grammatical and formatting mistakes, which might just be enough to fool some people.

There have been so many scams relying on the hysteria around the new virus, that the WHO itself has decided to warn people about them. The crooks have been trying to sell masks and hand sanitizers at an extortionate rate, they've been trying to get people to donate bitcoins for the quicker development of a vaccine, and they've even tried to impersonate major news outlets like the Wall Street Journal with the goal of generating clicks and ad revenue.

COVID-19 is at the bottom of quite a few malware infections as well

Obviously, if the urge to click on coronavirus-themed emails is that strong for so many people, then naturally, the crooks will try to do more than just spread false information. Last month, security researchers reported on several spam campaigns that used the coronavirus outbreak as a theme in order to get people to open malicious attachments. More recently, however, a new wave of COVID-19 malware made the news, and this time, the operation appears to be a lot cleverer.

As you can see from one of our reports from last week, the crooks created an executable file that promised victims to give them an interactive map full of live statistics on the spread of the virus. The researchers were a bit astonished to find out that the map was fully functional, and even the data it displayed was correct. What was less shocking, however, was the fact that in the background, it infected people's computers with the AZORult information stealer.

Further investigation by Brian Krebs revealed that the malicious executable was a carbon copy of a tracker created by Johns Hopkins University. Krebs also told us that for a while now, this downloader has been changing hands on a Russian underground forum for between $200 and $700, which suggests that it could be used in other campaigns as well.

Security experts recently stumbled upon a mobile application that promises more or less the same functionality but locks Android devices, and there is now a ransomware family for Windows computers that was named after the coronavirus.

Why is the coronavirus such a good bait?

Significant worldwide events always provide a solid foundation for the social engineering that is often integral to malware campaigns and online scams. With the coronavirus, however, the crooks have a higher chance of success than usual, and the reason for this is very simple – people are scared.

The death toll is significant, which inevitably frightens many, and the drastic containment measures strike even more fear in the population. It's a normal human reaction, and the unfortunate side effect of it is that users are more likely to believe an unsolicited email or a clickbait news headline.

This is not the first crisis humankind has ever been faced with, and it almost certainly won't be the last. Panicking isn't going to help, and we know it, but we also know that the countless urges to stay calm aren't really doing that much. Nevertheless, you should be aware of what you're up against, both in the real and in the online world. If you are, you have a much better chance of staying safe.

By Duran
March 17, 2020
March 17, 2020

Leave a Reply