SECURITY ALERT: US Users Targeted with Corona Virus Phishing Attacks

[harlan4096]

What malware gangs are using the Corona Virus as bait. How not to fall prey to this new Corona phishing scheme.

A new Corona Virus phishing scheme is taking the Western world by storm. Especially in the United States, but also in the UK and Western Europe or parts of Asia, hackers are using the Corona Virus scare for their own purposes. By baiting users into clicking malicious links, they steal credentials or deliver dangerous payloads of the latest malware and ransomware strains.

It’s not a complete novelty strategy-wise, considering how phishing attacks work in general. Something that tends to alert people to the gravity and urgency of the communication will always get exploited as bait. That’s why we have phishing schemes trying to impersonate government or judicial authorities, or police departments and so on.

This time, it’s the health scare regarding the Corona Virus potentially spreading from China’s Wuhan region. The Corona Virus phishing scheme is worth mentioning not just because a lot of users can be targets of it, due to the notoriety of the virus, but also because the risks involve some pretty high-profile payloads in addition to the stolen credentials.

How the Main Corona Virus Phishing Schemes Work

Especially after the World Health Organization (WHO) has declared the Corona Virus an international emergency in a statement released at the end of January, phishing campaigns using it have begun to spring up.

#1. Fake CDC Alerts

In one such phishing campaign, first spotted by KnowBe4 and further reported by Bleeping Computer, the attackers bait the victims with a list of active infections in their surroundings. In order to access the list and see if there are any outbreaks of the virus in your vicinity, you need to click a link that redirects you to a credential-stealing page.

This Corona Virus phishing email imitates the ones sent by the CDC Health Alert Network. The logo and everything else inside looks consistent with the authority allegedly sending out this warning. The targets are invited to join the coordinated effort to keep the virus at bay.

The malicious link first seems to go to the official CDC portal but then gets rerouted towards a malicious domain used for credential phishing. That means that victims are prompted to enter their Outlook login details, which then get stolen and used for malicious purposes.

It’s remarkable that this phishing email seems very well put together, imitating the style and feel of the official CDC alerts.

#2. Advice Emails from Fake Wuhan Medical Authorities

Another popular Corona Virus phishing campaign which also targets US and UK users is impersonating Wuhan medical specialists and claims to distribute advice for dealing with the virus. Besides listing a few common symptoms of the disease, the emails offer up an attachment with allegedly important medical advice.

Initially spotted by Mimecast, the Corona Virus phishing campaign tries to take advantage of the panic wave created by the virus. The email recipients are prompted to download the attachment with the note ‘This little measure can save you’.

If victims download the malicious PDF attachment, they also risk infecting their computer with a malware payload.

#3. Emotet payloads

Other Corona Virus phishing campaigns seem to have been launched by Emotet, especially in the Japan area. The mechanism of that campaign is similar: victims are tricked into clicking a malicious link in order to find out more about mandatory regulations for protection against the Corona Virus, but instead, they get delivered the Emotet payload as soon as they click the link. The banking Trojan is notoriously stealthy and difficult to remove once it enters your system.

Emotet is surely just one of the more notorious malware strains to jump on the Corona Virus phishing bandwagon. Other malware and ransomware gangs will probably try to use genuine public fear regarding this outbreak to their advantage. Stay vigilant and don’t believe every email you receive, no matter how legit it looks.
...

Continue Reading