We already know how the Coronavirus is impacting people worldwide: overall, 7,000 cases have been confirmed to date. Now cybercriminals are spreading malicious files named after the Coronavirus.
Cyber security researchers at IBM X-Force and Kaspersky have detected malicious files that use the Coronavirus name.
Cybercriminals are taking advantage of the Coronavirus crisis to spread malicious attachments carrying the ‘Emotet’ malware through an email campaign.
Think before opening an email attachment. If the attachment executes, the malware delivered through the email is capable of modifying or copying data from the computer system.
Most of the emails are written in Japanese. Each email poses as a notification from public health centers and comes with an attachment that promises to provide details of Coronavirus infection prevention.
The attachments are presented as Microsoft Word or PDF documents and are linked to a malicious Emotet payload, which is used to obtain user credentials, browser history, and private documents.
According to the researchers:
“The subject of the emails, as well as the document filenames, are similar, but not identical. They are composed of different representations of the current date and the Japanese word for “notification”, in order to suggest urgency.”
The email sample the researchers found reads (translated):
"Jurisdiction tsusho / facility related disability welfare service provider We become indebted to. Patients were reported about the new type of coronavirus-related pneumonia, mainly in Takeshi, China. Patients have been reported in Gifu Prefecture in Japan, Therefore, please check the attached notice, Thank you for your infection prevention measures."
“The content of the document itself is just an Office 365 message, instructing the viewer to enable the content (which is malicious), in case the document has been opened in protected view.”
“After running the document through a sandbox, IBM researcher could retrace the infection process. If the attachment of another sample has been opened with macros enabled, an obfuscated VBA macro script opens powershell and installs an Emotet downloader in the background. This is the typical behaviour of most Emotet documents.”
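The behaviour described in the sandbox analysis above, an Office document launching PowerShell, can be hunted for in process-creation logs. The following Python is an added example, not code from IBM X-Force or Kaspersky; the event fields, sample records and function names are constructed for illustration, and it assumes PIDs are unique within the log window analysed.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
# Constructed process-creation records (fields modelled on Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "cmd": r"WINWORD.EXE /n C:\Users\user\Downloads\notice.doc"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd.exe /c powershell -w hidden -enc PLACEHOLDER"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell -w hidden -enc PLACEHOLDER"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell Get-Date"},
]

def name(image):
    return ntpath.basename(image).lower()  # Windows path -> lowercase file name

def office_ancestor(event, by_pid, max_depth=5):
    """Walk up the parent chain; return the first Office process name, else None."""
    ppid = event["ppid"]
    for _ in range(max_depth):  # depth bound also stops loops in malformed data
        parent = by_pid.get(ppid)
        if parent is None:
            return None
        if name(parent["image"]) in OFFICE:
            return name(parent["image"])
        ppid = parent["ppid"]
    return None

def uses_encoded_command(cmd):
    """True if an option is -EncodedCommand, a prefix of it (-e, -enc) or -ec."""
    for tok in cmd.split()[1:]:
        opt = tok[1:].lower()
        if tok[0] in "-/" and opt and ("encodedcommand".startswith(opt) or opt == "ec"):
            return True
    return False

def find_office_spawned_powershell(events):
    """Flag PowerShell processes that descend from an Office application."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        anc = office_ancestor(e, by_pid) if name(e["image"]) in SHELLS else None
        if anc:
            alerts.append({"pid": e["pid"], "office_ancestor": anc,
                           "encoded": uses_encoded_command(e["cmd"]), "cmd": e["cmd"]})
    return alerts
```

Walking the ancestry rather than checking only the direct parent catches the case where the macro goes through an intermediate process such as cmd.exe, while PowerShell started from the desktop shell is left alone.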
Kaspersky researchers also found malicious files related to the Coronavirus, disguised as PDF, MP4, document and video files with instructions on how to protect yourself from the Coronavirus.
“The coronavirus, which is being widely discussed as a major news story, has already been used as bait by cybercriminals. So far, we have seen only 10 unique files, but as this sort of activity often happens with popular media topics then we expect that this tendency may grow. As people continue to be worried for their health, we may see more and more malware hidden inside fake documents about the coronavirus being spread,” said Anton Ivanov, Kaspersky malware analyst.
Cyber security researchers expect more malicious activity from threat actors using the Coronavirus name. It will probably include other languages too, depending on the impact the Coronavirus outbreak has on the native speakers.
We should stay alert. Do not open any unknown E-mail attachment. BE SAFE ONLINE!