Beware of the other virus, the spread of Coronavirus-themed Malware

By : Krishna Anindyo | Thursday, February 20 2020 - 14:46 IWST

Coronavirus themed Malware (Images by Novel coronavirus COVID-19 FDA)
Coronavirus themed Malware (Images by Novel coronavirus COVID-19 FDA)

INDUSTRY.co.id - While the world attempts to take control over the spread of the Coronavirus, and tries to contain, eliminate and prevent it from spreading, hackers around the globe have found the Coronavirus serving them well as an enabler for their activities. 

Our latest Global Threat Index for January 2020 shows cyber-criminals are exploiting interest in the global epidemic to spread malicious activity, with several spam campaigns relating to the outbreak of the virus. 

Viruses can be transmitted in various forms, through saliva, touch or even through air, and malware is similar in the sense that it finds different vectors to penetrate.

Right after the huge global attention around the Coronavirus, cyber criminals started using the interest to spread their malicious activity. The graph below shows the trend line of the overall search for Coronavirus by Google Trends, compared to the trends we observed in social media discussions on cybersecurity and cyber-crime mentioned in relation to the virus.

In January and February 2020 the most prominent Coronavirus-themed campaign targeted Japan, distributing Emotet in malicious email attachments pretending to be sent by a Japanese disability welfare service provider.

The emails appeared to be reporting where the infection is spreading in several Japanese cities, encouraging the victim to open the document for more information. When the document was opened, Emotet was downloaded onto the victim’s computer.

Emotet is an advanced, self-propagating and modular Trojan. It was originally a banking Trojan, but recently has been used as a distributor of other malware or malicious campaigns. It uses multiple methods to maintain persistence and evasion techniques to avoid detection. It can also spread through phishing spam emails containing malicious attachments or links.

In addition to email campaigns, since the Coronavirus outbreak, we have observed a noticeable number of new websites registered with domain names related to the virus.

Many of these domains will probably be used for phishing attempts. As for now, Check Point already spotted and protects online users from many websites known to be related to malicious activities that lure the victims to their websites with discussions around the virus, as well as from scam websites that claim to sell face masks, vaccines, and home tests that can detect the virus.

An example of such a website is vaccinecovid-19\.com. It was first created on February 11, 2020 and registered in Russia. The website is insecure, and offers to sell “the best and fastest test for Coronavirus detection at the fantastic price of 19,000 Russian rubles about US$300”.

The website also offers pieces of news and a heat map of the Coronavirus spread, but on closer look one can see that it is immaturely designed, providing instructions and comments such as “ a place for a beautiful subtitle”.

Ensure you are ordering goods from an authentic source. One way to do this is not to click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page. Beware of “special” offers. An 80% discount on a new iPhone or "an exclusive cure for Coronavirus for $150" is usually not a reliable or trustworthy purchase opportunity.

Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
Protect your organisation with an holistic, end to end cyber architecture, to prevent zero-day attacks

News Comment

Today's Industry

Indonesian Ambassador to the United Nations Darmansjah Djumala receives award from the IAEA and the FAO in Vienna, Austria, Monday (20/9). (Photo: PR of BRIN)

Rabu, 22 September 2021 - 19:30 WIB

Indonesia Wins Award on Food Plant Breeding from FAO, IAEA

Indonesia has received an outstanding achievement award from the Food and Agriculture Organization (FAO) and the International Atomic Energy Agency or IAEA.

Deputy Cabinet Secretariat for Administrative Affairs Farid Utomo on the event, Tuesday (21/09). (Photo by: PR/Oji)

Rabu, 22 September 2021 - 19:00 WIB

PANRB Ministry Holds Bureaucratic Reforms, Performance Accountability System Evaluation at Cabinet Secretariat

Ministry of State Apparatus Empowerment and Bureaucratic Reform (PANRB) conducted the 2021 Evaluation of Performance Accountability System of Government Institutions (SAKIP) and Bureaucratic…

Photo caption: Foreign Minister Retno Marsudi attends the 65th International Atomic Energy Agency (IAEA) through video conference, Monday (20/9). (Photo by: Ministry of Foreign Affairs PR)

Rabu, 22 September 2021 - 18:00 WIB

Indonesia Calls for Nuclear Energy Use for Peaceful Purposes

During General Conference of the 65th International Atomic Energy Agency (IAEA) held on Monday (20/09), Indonesian Minister of Foreign Affairs Retno LP Marsudi called for the use of nuclear…

President Jokowi inaugurates Hot Strip Mill Factory #2 owned by state-owned steelmaker PT Krakatau Steel in Cilegon city, Banten province (21/09/2021). (Photo by: Presidential Secretariat’s Press, Media, and Information Bureau/Laily Rachev)

Rabu, 22 September 2021 - 17:15 WIB

SOEs Must Continue to Transform Despite Pandemic, President Jokowi Says

The transformation of state-owned enterprises (SOEs) must continue despite COVID-19 pandemic, according to President Joko “Jokowi” Widodo.

President Jokowi inspects and inaugurates Hot Strip Mill #2 Factory owned by PT Krakatau Steel (Persero) Tbk, in Cilegon city, Banten province, Tuesday (21/09). (Photo by: BPMI/Laily Rachev)

Rabu, 22 September 2021 - 16:57 WIB

President Jokowi Inaugurates Latest Technology Steel Factory in Banten

In a series of his working visits to Banten province, President Joko “Jokowi” Widodo, on Tuesday (21/09), visited and inaugurated Hot Strip Mill #2 Factory owned by the largest steelmaker…