The latest Global Threat Index report for January 2020 claims that cybercriminals are exploiting interest in the epidemic to spread malicious activity, with several spam campaigns relating to the outbreak of the virus.
Right after the coronavirus drew huge global attention, cybercriminals started using that interest to spread their malicious activity. In January and February 2020 “the most prominent coronavirus-themed campaign” targeted Japan, distributing a trojan called Emotet in malicious email attachments pretending to be sent by a Japanese disability welfare service provider, says the report. The emails appear to report where the infection is spreading in several Japanese cities, encouraging recipients to open the document for more information. Once a recipient opens the document, the Emotet trojan is downloaded onto their device.
Emotet is an advanced, self-propagating and modular trojan. Originally a banking trojan, of late it has been used as a distributor of other malware and malicious campaigns. It can also spread through phishing spam emails containing malicious attachments or links.
In addition to email campaigns, there has also been a noticeable rise in the number of new websites registered with domain names related to the virus. The research firm claims that many of these domains are probably being used for phishing.
Check Point says it has spotted, and claims to protect online users from, websites known to be related to malicious activity that lure visitors with discussions around the virus, as well as scam websites that claim to sell face masks, vaccines, and home tests that can detect the virus.
An example of such a website is vaccinecovid-19.com. It was first created on February 11, 2020, and registered in Russia. The website is insecure and offers to sell “the best and fastest test for Coronavirus detection at the fantastic price of 19,000 Russian rubles (about $300)”.
The website also offers pieces of news and a heat map of the coronavirus spread, but on a closer look one can see that it is immaturely designed, still showing instructions and comments such as “a place for a beautiful subtitle” (in English translation).