
Coronavirus Malware Attacks Increase

2020-02-28 by Michelle Dvorak

Coronavirus Malware Attacks Increase – Hackers Exploit Coronavirus COVID-19 Fear to Spread Malware

Cyber security researchers at IBM spotted new malware campaigns exploiting people’s concerns about the spread of the novel Coronavirus. It’s not unusual for cybercriminals to take advantage of global events, social phenomena, tragedies, or natural disasters to spread malware and maximize its impact. Opportunistic hackers are once again leveraging the novel Coronavirus, now formally known as COVID-19, with virus-themed emails and malware attacks. The attackers are attempting to deliver Emotet malware along with a Coronavirus countermeasures document to potential victims. The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) recently warned of a rise in Emotet malware attacks against businesses and small government entities. Kaspersky and IBM X-Force have both found a wave of new phishing emails loaded with malware that capitalize on fear surrounding the coronavirus infection.

What is Emotet Malware?

Emotet malware is a banking Trojan. A banking Trojan, also known as a banker trojan, is malicious code that redirects traffic from banking and financial websites to try to collect the victim’s confidential information, such as the username and password, from the infected device. Emotet malware, also known as Geodo and Mealybug, steals user credentials stored in the victim’s web browser by eavesdropping on network traffic. More recent iterations of Emotet function more as a downloader, or dropper, of other malware onto the infected device.

The US Internal Revenue Service warned of two variations of phishing campaigns that also involve Emotet. The phishing email attachment is disguised as an IRS W-9 tax form. If downloaded, the attachment launches Emotet malware. In an attack this month, CISA reported that an oil pipeline facility went offline for two days after a successful malware attack infiltrated process and control computers. Ransomware was delivered through a spear phishing campaign.

Photo: IBM XForce Emotet Coronavirus

Coronavirus Malware Attacks

There are three variations of this email, all written in Japanese and structured as Office 365 messages. The phishing email encourages recipients to open an MS Word document attachment that is supposedly a notice regarding infection prevention measures. Cyber security researchers from IBM X-Force found that the subject lines of the three variations are not identical, but similar.

In the first COVID-19 phishing email, the subject line claims to be a notice and the body of the email has language about reports of Coronavirus patients in the Gifu prefecture of Japan. The second sample has almost identical content but claims there is an outbreak in Osaka instead. Finally, the third phishing email talks about infections in Tottori prefecture. If the attachment of email number three is opened with macros enabled, an obfuscated VBA macro script opens PowerShell and installs an Emotet downloader in the background.

Malware campaigns and Coronavirus phishing emails were quick to emerge as the virus escaped China and started its spread across the globe. Hackers waste no time retooling their cyber attacks to look like helpful information for potential victims. One of the early Coronavirus-themed malware campaigns was spotted by Kaspersky Labs. The emails mostly targeted people in Australia, Austria, Barbados, Germany, Hong Kong, Japan, Malaysia, Singapore, Spain, Switzerland, the United Arab Emirates, the United Kingdom and the United States. This attack was deemed to be the work of hacking group TAS542.

Yet another early Coronavirus phishing campaign claims to be from the United States Center for Disease Control (CDC) virologists. The email does contain some slightly useful information, like helpful virus prevention tips, to increase its credibility and the likelihood that the recipient will click on links or open attachments. The email, of course, is malicious and contains malware downloaders.

How to Detect Fake Coronavirus Emails

It is important that individuals scrutinize their personal and work emails very carefully. Once a device is infected, it can pass the malware or computer virus to other devices, from home to work or the other way around. If someone were to view a malicious attachment on their home laptop and work computer, both devices could be infected. Phishing emails use scare tactics and a sense of urgency to get the person to act quickly and not think too long about the consequences of their actions. In the case of spear phishing emails, the contents of the email may be personalized with the recipient’s name, workplace, or other information gleaned from social media or a work website.

  1. Do not open emails if you do not know the sender. Look carefully at the mailbox name, not just the friendly name. If you don’t understand the difference between these two, then read our guide on how to spot a phishing email.
  2. Never open email attachments if you were not expecting something from someone you know. When in doubt, call or message the sender to see if the email is legitimate.
  3. Disable macros in your Microsoft products like Word and Excel. Malicious macros are a top way to deliver malware.
  4. Don’t open ANY Coronavirus COVID-19 emails. Stay informed about COVID-19. Get rolling updates directly from the World Health Organization website.
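
The friendly-name check in item 1 and the macro concern in item 3 can be automated when triaging a suspicious message. The Python below is an added example, not code from the article or from IBM X-Force; the brand allowlist, the addresses, and the finding labels are assumptions, and the sample message is constructed with an inert placeholder instead of a real macro.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container signature
# Assumed allowlist: brand named in the friendly name -> domains it may send from
BRANDS = {"office 365": ("microsoft.com", "office.com")}

def has_vba(data: bytes) -> bool:
    """True if an OOXML (zip) attachment contains a VBA project part."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())

def triage(raw: bytes) -> list[str]:
    """Return findings for a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRANDS.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not legit:
            findings.append("display-name-mismatch")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Legacy OLE files may carry macros; OOXML is flagged only if a VBA part exists
        if data.startswith(OLE_MAGIC) or has_vba(data):
            findings.append("macro-capable-attachment:" + name)
    return findings

def build_sample(sender: str, macro: bool) -> bytes:
    """Constructed test message; all names and addresses are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if macro:
            z.writestr("word/vbaProject.bin", b"\x00")  # inert placeholder
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@corp.example", "Notice"
    m.set_content("See the attached notice.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream",
                     filename="notice.docm" if macro else "notice.docx")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample('"Office 365 Notice" <info@mailer.example>', True)))
```
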

About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

