Exploring Various Ways in Which Hackers Are Milking the COVID-19 Scare

  • Hackers were spotted distributing trojans like Emotet, AZORult, AgentTesla Keylogger, and NanoCore to steal user credentials through coronavirus-themed attack campaigns.
  • Some attackers prompt users to download an application to keep them updated on the pandemic situation.

Hackers have a history of exploiting public emergencies for their own gain. Imagine how tempting an epidemic like coronavirus disease (COVID-19) would be for the crooks. Recently, hackers have run several attack campaigns across various countries, taking advantage of the spread of the disease.

What is COVID-19?
The COVID-19 virus is a member of the coronavirus family and spreads through droplets released into the air by coughing or sneezing. Anyone nearby can be infected if they take in the virus through their nose, mouth, or eyes.

The virus made the jump from animals to humans late last year. On March 11, the World Health Organization (WHO) declared COVID-19 a global pandemic, citing concerns over its geographic spread.

But now, hackers have found a way to use the threat to inject malware into computers. Below, we discuss the various kinds of coronavirus-themed attacks observed by security researchers.

Researchers’ findings
More than 4000 coronavirus-related domains were registered globally. Of those, around 5% could be malicious and an additional 5% are suspicious.

  • Hackers were spotted distributing trojans like Emotet, AZORult, AgentTesla Keylogger, and NanoCore to steal user credentials through coronavirus-themed attack campaigns.
  • An email disguised as coming from the director of Milan University surfaced, claiming to describe steps to be taken to prevent further spread. The hackers’ motivation became clear when a malicious link asked for university user login details and passwords.
  • In one instance, attackers designed an email to stoke curiosity about an available cure. Recipients who want further information must click on the malicious link provided in the email.
  • One sophisticated attack method that researchers reported involved an MS Word document, presented as coming from the World Health Organization, with an embedded URL that led to a fake MS Office website.
  • Also, some attackers prompt users to download an application to keep them updated on the situation. It simply displays a map of how COVID-19 is spreading. When a user is on the page, attackers attempt to generate a malicious binary file and install it on their computer. Currently, this practice is only affecting Windows systems.
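For defenders triaging inbound mail, the lures listed above (coronavirus-themed domains, WHO and MS Office impersonation, links to login pages) can be turned into a simple URL check. The following is an added example, not code from the researchers cited here; the keyword list, trusted-domain list, brand map and the `.example` hosts in the sample are all assumptions to tune for your own environment.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this sketch: theme keywords, trusted domains and brand map.
THEME = re.compile(r"covid|corona", re.I)
TRUSTED = {"who.int", "cdc.gov", "microsoft.com", "office.com"}
BRANDS = {"who": {"who.int"}, "office": {"office.com", "microsoft.com"},
          "microsoft": {"microsoft.com"}}
LOGIN = re.compile(r"log-?in|sign-?in|password|credential", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def under(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage_url(url):
    """Return a list of reasons why a URL deserves analyst review."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host or under(host, TRUSTED):
        return []
    reasons = []
    if THEME.search(host):
        reasons.append("themed-domain")
    # Match brand names as whole hostname labels or hyphen-separated tokens.
    tokens = set(re.split(r"[.\-]", host))
    for brand, legit in BRANDS.items():
        if brand in tokens and not under(host, legit):
            reasons.append("brand-lookalike:" + brand)
    # A login-style path only matters once the host is already suspect.
    if reasons and LOGIN.search(parts.path + "?" + parts.query):
        reasons.append("credential-page")
    return reasons

def triage_email(body):
    """Map each flagged URL in an email body to its reasons."""
    flagged = {}
    for url in (u.rstrip(".,;") for u in URL_RE.findall(body)):
        reasons = triage_url(url)
        if reasons:
            flagged[url] = reasons
    return flagged

# Constructed sample email; the .example hosts are placeholders.
SAMPLE = """Safety measures from the director: https://covid19-measures.example/portal/login
WHO guidance: https://www.who.int/emergencies and https://who-office.example/signin.
Unrelated: https://news.example/today"""

if __name__ == "__main__":
    for url, why in triage_email(SAMPLE).items():
        print(url, why)
```

The output is a review queue rather than a verdict: a themed hostname alone is weak evidence, while a themed or brand-lookalike host that also serves a login path matches the credential-harvesting pattern described in the list above.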

Final thoughts
U.S. officials have accused Russia of propagating misinformation about the coronavirus in a coordinated campaign. Thousands of Twitter, Facebook, and Instagram accounts, most of them tied to Russia, spread nearly identical messages in different languages including English, German, and French, blaming the US for the outbreak.

Prevention tips

  • Avoid clicking on promotional links in emails.
  • If the information is general and can be found by Googling it, do that instead of clicking a link from a suspicious sender.
  • Don’t click on baits such as an "80% discount on an exclusive cure" or "treatment for coronavirus".
  • If unsure about the authenticity of a website, don’t proceed with any login procedure.