Tuesday, May 5, 2020
7 Ways Hackers and Scammers Are Exploiting Coronavirus Panic
1 — Mobile Malware
Check Point Research uncovered at least 16 different mobile apps, which claimed to offer information related to the outbreak but instead contained malware, including adware (Hiddad) and banker Trojans (Cerberus), that stole users' personal information or generated fraudulent revenues from premium-rate services.
"Skilled threat actors are exploiting people's concerns about coronavirus to spread mobile malware, including Mobile Remote Access Trojans (MRATs), banker trojans, and premium dialers, via apps which claim to offer Coronavirus-related information and help for users," Check Point Research said in a report shared with The Hacker News.
All 16 apps in question were discovered on newly created coronavirus-related domains, the number of which has seen a huge spike over the past few weeks.
2 — Email Phishing
In a separate report published today and shared with The Hacker News, cybersecurity firm Group-IB claims to have found that most COVID-19 related phishing emails came with AgentTesla (45%), NetWire (30%), and LokiBot (8%) embedded as attachments, thereby allowing the attacker to steal personal and financial data.
The emails, which were sent between February 13 and April 1, 2020, masqueraded as health advisories from the World Health Organization, UNICEF, and other international agencies and companies such as Maersk, Pekos Valves, and CISCO.
3 — Discounted off-the-shelf Malware
Group-IB's research also found more than 500 posts on underground forums where users offered coronavirus discounts and promotional codes on DDoS, spamming, and other malware services.
This is consistent with Check Point Research's earlier findings of hackers promoting their exploit tools on the darknet with 'COVID19' or 'coronavirus' as discount codes.
4 — SMS Phishing
The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) also issued a joint advisory about fake SMS messages from senders such as "COVID" and "UKGOV" which contain a link to phishing sites.
"In addition to SMS, possible channels include WhatsApp and other messaging services," CISA cautioned.
5 — Face Mask and Hand Sanitizer Scams
Europol recently arrested a 39-year-old man from Singapore for allegedly attempting to launder cash generated from a business email compromise (BEC) scam by posing as a legitimate company that advertised the fast delivery of FFP2 surgical masks and hand sanitizers.
An unnamed pharmaceutical company, based in Europe, was defrauded out of €6.64 million after the items were never delivered, and the supplier became uncontactable. Europol had previously seized €13 million in potentially dangerous drugs as part of a counterfeit medicine trafficking operation.
6 — Malicious Software
As people increasingly work from home and online communication platforms such as Zoom and Microsoft Teams become crucial, threat actors are sending phishing emails that include malicious files with names such as "zoom-us-zoom_##########.exe" and "microsoft-teams_V#mu#D_##########.exe" in a bid to trick people into downloading malware on their devices.
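The following added example, which is not part of the original article or of any vendor report, turns the two masked file names quoted above into regular expressions and flags matching attachment names in constructed mail-gateway records. It assumes each `#` stands for one alphanumeric character, which the article does not state; `scan`, `is_suspicious` and the sample records are illustrative names and data.

```python
import re
from pathlib import PureWindowsPath

# Masked file-name templates exactly as quoted in the article.
TEMPLATES = [
    "zoom-us-zoom_##########.exe",
    "microsoft-teams_V#mu#D_##########.exe",
]

def template_to_regex(template, wildcard="#"):
    """Escape the literal parts; each '#' becomes one alphanumeric
    character (assumption: the article does not define the mask)."""
    literals = [re.escape(part) for part in template.split(wildcard)]
    return re.compile("[0-9A-Za-z]".join(literals), re.IGNORECASE)

PATTERNS = [template_to_regex(t) for t in TEMPLATES]

def normalize(name):
    """Reduce a logged attachment name to its bare file name."""
    name = name.strip().strip("\"'")      # whitespace and quoting from log fields
    name = PureWindowsPath(name).name     # drop any directory components
    return name.rstrip(". ")              # Windows ignores trailing dots/spaces

def is_suspicious(name):
    """True when the whole file name fits one of the masked templates."""
    base = normalize(name)
    return any(p.fullmatch(base) for p in PATTERNS)

def scan(records):
    """records: iterable of (message_id, attachment_name) pairs.
    Returns the pairs whose attachment name matches a template."""
    return [(mid, att) for mid, att in records if is_suspicious(att)]

# Constructed sample records (not real telemetry).
SAMPLE = [
    ("msg-001", "zoom-us-zoom_4821907736.exe"),
    ("msg-002", "ZoomInstaller.exe"),
    ("msg-003", "Microsoft-Teams_V3mu7D_0192837465.EXE"),
    ("msg-004", "C:\\Users\\a\\Downloads\\zoom-us-zoom_12345.exe"),
    ("msg-005", "microsoft-teams_V#mu#D_notes.txt"),
]

if __name__ == "__main__":
    for message_id, attachment in scan(SAMPLE):
        print(f"flag {message_id}: {attachment}")
```

A name match is only a triage signal: an attacker can rename the file, so pair it with attachment-type and hash checks at the mail gateway.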
7 — Ransomware Attacks
The International Criminal Police Organization (Interpol) warned member countries that cybercriminals are attempting to target major hospitals and other institutions on the front lines of the fight against COVID-19 with ransomware.
"Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage, preventing them from accessing vital files and systems until a ransom is paid," Interpol said.
A running list of malicious websites and email addresses can be accessed here. For more tips on how to protect yourself from COVID-19 related threats, you can read CISA's advisory here.