COVID-19 Malware Running Amuck

We are in a unique time in human history. The COVID-19 pandemic not only requires vigilance in our personal hygiene and social distancing, it also requires our vigilance in what resources we use and trust online. Cyber criminals are already capitalizing on the focus being given to this topic.

Cyber criminals have launched enticing malware and phishing campaigns under the guise of offering coronavirus protection instructions, COVID-19 vaccines for sale, current coronavirus developments, and detection techniques for COVID-19.

The World Health Organization (WHO) has issued a cyber security notice warning the public of cyber criminals posing as WHO representatives requesting money and sensitive information from contacted individuals. The WHO is not the only group experiencing these issues with impersonators: the US Center for Disease Control (CDC), Canadian Red Cross, and Public Health Agency of Canada (PHAC) have also reportedly experienced similar scams being conducted in their names.

Figure 1: World Health Organization (WHO) scam email example
Figure 2: Center for Disease Control (CDC) scam email example
Figure 3: Public Health Agency of Canada (PHAC) scam email example

State-sponsored threat actors have been busy harnessing the increased virtual coronavirus traffic to circulate their own forms of malware. This includes Chinese groups Mustang Panda and Vicious Panda, the Russian Hades group, and Pakistan's APT36, along with numerous other unconfirmed scams that are believed to be tied to known state-sponsored threat actors around the globe. The methods used vary from circulating emails with various forms of malicious attachments to illegitimate websites used to distribute their payloads to visitors. The payloads are likewise varied, with each group favoring its own malware. These range from remote administration tools (RATs) to malware that enslaves more zombies into known botnets such as Emotet.

Using tools such as VirusTotal to quickly scan downloads and attachments, or to verify the safety of a given URL, can greatly reduce your risk of falling victim to coronavirus scams and malware. Additionally, be wary of emails making fantastic claims around COVID-19 and, as always, exercise extreme caution with anyone asking for your credentials or other sensitive information via unexpected email and phone calls. Stay safe out there in the wild wacky world wide web.
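
The attachment check recommended above, as an added example that is not part of the original article: it hashes a file locally and asks the VirusTotal API v3 file-report endpoint about the hash, so the attachment itself is never uploaded. The `VT_API_KEY` environment variable and the `min_engines` threshold are assumptions of this example.

```python
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # API v3 file report


def sha256_of(path, chunk=1 << 20):
    """Hash the attachment locally so the file itself never leaves the machine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verdict(report, min_engines=3):
    """Map a file report (None = hash never seen by VirusTotal) to a triage label.

    min_engines is an assumed local threshold, not a VirusTotal recommendation.
    """
    if report is None:
        return "unknown"  # no report is NOT a clean result; fresh samples start here
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    if flagged >= min_engines:
        return "malicious"
    return "review" if flagged else "no-detections"


def lookup(sha256, api_key):
    """Fetch the report for a hash; HTTP 404 means the hash is not known."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256),
                                 headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


if __name__ == "__main__":
    # Usage: VT_API_KEY=... python vt_check.py <attachment>
    file_hash = sha256_of(sys.argv[1])
    print(file_hash, verdict(lookup(file_hash, os.environ["VT_API_KEY"])))
```

An "unknown" or "no-detections" result only means no engine has flagged that exact file yet, so an unexpected attachment with either label still deserves the caution described above.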