Coronavirus – hackers exploit fear of infection to spread malware

Graham Cluley


With sad predictability, cybercriminals appear to be exploiting the Coronavirus outbreak that occurred in Wuhan, mainland China, and is now causing new infections around the world.

Researchers at IBM say that they have seen poisoned emails being sent to Japan, urging the recipient to open an attached Word document.

[Image: Emotet email example]

In one example, the email claims that Coronavirus infections have been reported in the Gifu Prefecture in Japan, and that details of infection prevention measures can be found in the attachment.

However, opening the Word document leads to a message telling the recipient to enable macros, which will ultimately mean the Emotet malware is downloaded onto the computer.

[Image: MS Word document]

Cybercriminals are well-versed in social engineering, and realise that there are certain topics that will be more likely to trigger recipients into opening a dangerous attachment or clicking on a malicious link than others: for instance, a love letter, a missed parcel delivery, an unexpected purchase on your credit card, or a surprise parking ticket. All these disguises have been used time and time again to infect users’ computers.

Whether in this case the attackers have simply stolen existing messages from a compromised health centre in Kyoto and attached their malicious payload, or conjured up the messages themselves, is hard to say definitively.

But it’s not really an important question. What we do know is that health advice around Coronavirus is something that will be of a great deal of interest to people in some parts of the world right now, and so these emails certainly fit the bill.

Meanwhile, in a brief blog post on its Spanish-language website, Kaspersky confirmed it had seen other malware spread via email, posing as video instructions on how members of the public could protect themselves from infection.

The malicious attachments included PDFs, MP4 movie files and Word documents.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.