Coronavirus malware multiplies

Kaspersky reports that its researchers have found multiple COVID-19-related malicious e-mail campaigns and hundreds of downloadable files that attempt to infect users’ devices with threats.

While news on the coronavirus spread continues to appear and dominate the headlines, attackers are also looking for opportunities to use this topic for malicious purposes. This is a very dangerous practice, says Kaspersky, as it exploits people’s concerns for their health and safety of their beloved ones in attempt to pressure them into falling for a trick.

The researchers have detected malicious files that were masked under the guise of pdf, mp4 and docx files about the coronavirus. The names of files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures, which is not actually the case. In fact, these files contained threats to users’ devices.

“The coronavirus, which is being widely discussed as a major news story, has already been used as bait by cybercriminals,” says Anton Ivanov, malware analyst at Kaspersky. “Now, the number of users whose devices have had malicious files named after the coronavirus on them has risen to 403 in 2020, with a total of 2,673 detections and 513 unique files distributed. While the numbers rose significantly compared to the initial statistics we have shared, this threat is still rather minimal.”

Some malicious files are spread via email. For example, an Excel file distributed via email under the guise of a list of coronavirus victims allegedly sent from the World Health Organization (WHO) was in fact a Trojan-Downloader, which secretly downloads and installs another malicious file. This second file was a Trojan-Spy designed to gather various data, including passwords, from the infected device and send it to the attacker.

Security researcher at Kaspersky, Tatyana Scherbakova, has elaborated on the mechanics of such scams: “We were detecting emails offering products such as masks leading to phishing websites or fake offerings of vaccines, since the COVID-16 epidemic started. Yet lately we saw more elaborate spam campaigns that mimic the World Health Organization (WHO). Cybercriminals recognise the important role WHO has in providing trustworthy information about the coronavirus. Users receive emails allegedly from WHO, which supposedly offer information about safety measures to be taken to avoid infection. Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals. This scam looks more realistic than other examples we have seen lately”.

In the meantime, governments and businesses across the world are increasingly encouraging home working in a bid to slow the spread of COVID-19/coronavirus. It is likely that, where feasible, companies will allow more people than ever before to work remotely, so now is a good time for organisations to re-examine security around remote access to corporate systems. Once devices are taken outside of a company’s network infrastructure and are connected to new networks and Wi-Fi, the risks to corporate information increase.

“We would encourage companies to be particularly vigilant at this time, and ensure employees who are working at home exercise caution,” says David Emm, principal security researcher, Kaspersky. “Businesses should communicate clearly with workers to ensure they are aware of the risks, and do everything they can to secure remote access for those self-isolating or working from home. In addition to the increase in remote working, we have also seen cybercriminals trying to piggyback on the virus, hiding malicious files in documents purporting to relate to the disease. So, with this opportunistic approach by criminals, coupled with changes to working habits, it’s wise for businesses to be extra vigilant at this time.”

There are a number of simple steps that can be taken to reduce the cyber-risks associated with coronavirus.

If you are an individual, Kaspersky advises the following:

• In order to stay safe, we advise users to carefully study the content of the emails they receive and only trust reliable sources. If you are promised a vaccine for the virus or some magic protective measures, or content of the email is making you worried, it has most likely come from cybercriminals.
• When downloading files, pay attention to the file extension. Even if you download TV show episodes from a source you consider trusted and legitimate, the file should have an .avi, .mkv or mp4 extension. Do not download the file if it is an .exe.
• Use reliable security solution for comprehensive protection from a wide range of threats, such as Kaspersky Security Cloud.

If you are a business, consider taking the following steps:

• Provide a VPN for staff to connect securely to the corporate network.
• All corporate devices – including mobiles and laptops – should be protected with appropriate security software (e.g. allowing data to be wiped from devices that are reported lost or stolen, segregating personal and work data, along with restricting which apps can be installed).
• Always implement the latest updates to operating systems and apps.
• Restrict the access rights of people connecting to the corporate network.
• Ensure that staff are aware of the dangers of responding to unsolicited messages.