Cybercriminals flooding web with coronavirus-themed spam and malware

There has been a sustained effort by cybercriminals to use the global concern about coronavirus to spread malware, steal credentials and perform massive spam operations since the end of January.

As the death toll has risen well past 1,000 and the virus continues to spread to more countries, hackers have expanded and evolved their coronavirus-themed attacks in a variety of ways.

A blog post from Proofpoint's senior director of threat research and detection, Sherrod Degrippo, on Thursday said hackers were now using conspiracy theories about the virus to sell fake cures or convince people to click on malicious links.

Cybercriminals were already using convincing but fake emails from the WHO, CDC and Japanese government to trick people into downloading PDF, MP4 and Microsoft Word DOCX files.

As the weeks have gone by, hackers have also expanded their attacks to include malware like Emotet and AZORult as well as information stealing malware like AgentTesla Keylogger and the NanoCore RAT.

Degrippo said Proofpoint researchers have also seen attacks targeting other industries like construction, education, energy, healthcare, retail, and transportation. Many of these attacks are targeting people in the United States as well as populations in Japan, Australia and Italy.

SEE: 10 ways to minimize fileless malware infections (free PDF) (TechRepublic Premium)

The shipping and manufacturing industry have taken massive hits because of the quarantines in China, and cybercriminals have sought to exploit that by bombarding companies with malware, spam and fake emails with links to sites like Office 365, Adobe and DocuSign hoping to steal emails and passwords.

One of the ways hackers have sought to attack enterprises is through emails purporting to come from an organization's president or someone's boss. The emails come with company letterhead and can generally seem like something a company's leader would send out.    "We have seen a campaign that uses a coronavirus-themed email that is designed to look like an internal email from the company's president to all employees shown. This email is extremely well-crafted and lists the business' president's correct name," Degrippo wrote.    "The messages contain a Microsoft Word attachment with an embedded URL that leads to a fake Microsoft Office website to enter credentials. Once the credentials are entered, the user is then redirected to the legitimate World Health Organization coronavirus information site, making the phishing transaction seem legitimate."   Proofpoint also found emails coming from fake Australian healthcare companies attempting the same scams.     Avishay Zawoznik, security research manager at Imperva, released a detailed report on spam operations centered around coronavirus fears and showed how cybercriminals were exploiting online interest in the virus to spread misinformation or lure people into buying fake cures.  The report includes two graphs showing clear links between the rise in Google searches for coronavirus and the number of bot requests for the term.   "For people searching for genuine information on coronavirus, this is polluting their online search results with fake and meaningless results. Not only does the content of this spam do nothing to help people in their quest to educate themselves on this global health risk, but bot operators are using technology to exploit the public's need for medical information in order to gain a few more clicks to their fake pharmacies," Zawoznik wrote.   Hackers are spamming the comment sections of popular websites hoping to trick people into clicking on links and to improve the ranking of websites related to the term "coronavirus."   The expansion in diversity of cyberattacks against industries like manufacturing, retail and transportation have prompted the government to step in with guidelines.    On Monday,  a consumer education specialist for the Federal Trade Commission, Colleen Tressler, wrote that scammers are "setting up websites to sell bogus products, and using fake emails, texts, and social media posts as a ruse to take your money and get your personal information."   "The emails and posts may be promoting awareness and prevention tips, and fake information about cases in your neighborhood. They also may be asking you to donate to victims, offering advice on unproven treatments, or contain malicious email attachments," she wrote.    Tressler detailed a number of ways people can keep themselves safe from attacks, including up-to-date anti-virus and anti-malware software. She also said people should be wary of links to sources you don't know, any emails about vaccinations or cures and donation websites.   "The U.S. Securities and Exchange Commission (SEC) is warning people about online promotions, including on social media, claiming that the products or services of publicly traded companies can prevent, detect, or cure coronavirus and that the stock of these companies will dramatically increase in value as a result," Tressler added.

Also see