COVID-19 – Attention Phishing Alert!

Spyware, malware, scam and spam, what'll it be?

In the last few days, massive phishing campaigns have been reported, aimed at spreading links to highly questionable sites and content. At first glance, the e-mails always seem to be related to the new COVID-19 virus, apparently originate from renowned organizations such as the WHO (World Health Organization) or the CDC (Center for Disease Control) and promise news about the coronavirus. Usually, a cost-neutral e-book is offered, which allegedly comes from the WHO.

This "My Health E-Book" allegedly contains complete research on the global pandemic as well as instructions for the protection of children and companies.

The reference to the current situation is intended to arouse interest, which leads the recipient to download and open the attachment as a zip file. The sender also points out that the e-book can only be read on a PC - other devices, such as smartphones or tablets, won’t work. At this point at the latest, the alarm bells should be ringing, but unfortunately this is often not the case. As soon as the file inside the MyHealth-Ebook.zip archive is opened, the device is infected with the malware it contains. This is the GuLoader, a so-called Trojan, which then loads further malicious code (Trojan FormBook) onto the computer. Browser data content as well as passwords and data from caches are landed and sent.

The e-mail looks like this, or something similar:

COVID-19 – Attention Phishing Alert
Source: Cyber criminals use the corona virus for malware attacks, Malwarebytes

The aim is to get users to click through the content and open corresponding links. Here, too, various malicious code is reloaded, often in "drive-by" mode, so that neither the user nor virus or malware scanners can detect the presence of the malware. If the user also has access to network drives or, in the worst case, to an active back-up drive, a contamination of the entire system can hardly be stopped.

In addition to scams such as this, cyber criminals also deceive their victims with information about alleged bank closures, curfews and imminent scarcity of essential supplies. Here again, links are offered which appear plausible and secure at first glance at the URL (Internet address), but which usually reveal their true identity at the mouse-over.

Since many employees are currently working from home, perhaps for the first time, everyone should be particularly vigilant, especially with regard to links and e-mail attachments. Special care should be taken if the email subject line is linked to the corona virus and the email does not come directly from your own organization.

Cybercriminals are increasingly taking advantage of the global pandemic by creating new ways to defraud people. Be vigilant!

Expert Support

Got questions? Contact us.

Share page