FormBook Malware Exploits Coronavirus Outbreak Fear, Steals Screenshots and Keystrokes
Another Coronavirus-themed phishing email campaign is sending FormBook malware to victims. This cyber attack tries to trick the reader into opening an email attachment disguised as World Health Organization (WHO) information about the Coronavirus outbreak. If the victim opens the zipped email attachment, it executes a file that begins a malware download and infects their device. FormBook malware is an info-stealer and has been used as spyware. This FormBook malware campaign captures screenshots of the infected computer’s desktop, reads information that is copied to the clipboard, and records keystrokes. The malware can also clear the infected device’s browser cookies, download files, and execute them.
The newest phishing email campaign is disguised with informative and even colorful graphics designed to look like they are sent by the World Health Organization. The graphics, seen on Malware Hunters Twitter feed, even tell the reader how many gloves and masks have been used to fight the disease. The reader is also encouraged to read a PDF file to learn more information. The email has a zipped file attachment that supposedly offers stats and updates on COVID-19. The attachment contains a malicious executable called “MyHealth.exe,” which is disguised as an Excel spreadsheet, the researchers report. The Adobe .pdf is of course weaponized. Opening the attachment begins a malware download that infects your computer with FormBook malware. The reader is also encouraged to send a reply email to learn about grant money. Replying to any scam email only confirms to the hacker that the receiving email address is valid and monitored.
FormBook malware is an information-stealer that was first seen in 2016. FormBook malware was used previously to impersonate DHL in a phishing campaign. It was also used to exploit a pair of Microsoft Office vulnerabilities (CVE-2017-0199 and CVE-2017-11882) to spy on the infected systems.
Coronavirus Phishing Emails
Since January 2020, over 4,000 new coronavirus-related domain names were registered globally. Of those with websites, three percent are malicious and another five percent of the websites are suspicious. This is according to cyber security researchers at Check Point. In that same time, there has been an increase in the number of phishing and malware campaigns delivering Emotet malware. Emotet is the most common malware used in cyber attacks against local governments and small businesses.
This is not the first or even second wave of new Coronavirus phishing emails and malware. COVID-19 themed phishing campaigns started in Japan with similar, supposedly useful public health information sent via phishing emails. They were accompanied by email attachments that, if opened, would launch malware attacks.
London University launched an online course to help educate the public about the Coronavirus. When in doubt visit the World Health Organization website for virus information. Johns Hopkins University has an up-to-date map of all new cases.
Now is the time to educate employees about increased cyber security related fraud targeting employees and consumers. Hackers are exploiting people’s fears about the COVID-19 outbreak as it spreads worldwide. Anyone can be targeted by a Coronavirus-themed email that is cleverly disguised with supposedly helpful information, attachments, and maps. The emails are either phishing emails, malware downloads, or both.