With the Coronavirus situation continuing to unfold around us, attackers are taking advantage of both the situation and vulnerable individuals seeking information and updates. Whatever the circumstances, attackers are getting more and more creative.
Malware, phishing and BEC campaigns that take advantage of the COVID-19 situation are popping up all around the world. From what we are seeing across our global clients, this looks like just the beginning!
Our system identifies multiple campaigns like these on an hourly basis, and with the ongoing work of our IR and Research teams, we will continue to monitor new, creative and unique COVID-19 campaigns. Below are just a few examples of such campaigns that Perception Point has recently caught at our clients.
Malware Campaign 1:
Executable file inside of a disk image
The attacker claims to be an employee of a European company and is attempting to spread fake news that the COVID-19 vaccine has been found. The attacker asks the recipients to download the attached document for full access. But once the recipients open the file, the below malicious executable is waiting for them:
Malware Campaign 2:
Compressed executable file by WHO
This attack combined two attack techniques: a malicious payload on top of impersonation. In this attack the attacker spoofed the domain to look like the email was sent by the World Health Organization (WHO).
Our IR team came across this campaign on March 18, 2020 from several different global customers. In this campaign, the attacker claims to be part of the World Health Organization and attached a file that contains “official WHO vital information”. If the recipient opens this file, they will find the below malicious executable file:
The examples above show us that we are dealing with a new and evolving type of attack. As we try to accept that the Coronavirus is a global issue and deal with it on a global level, we also need to face attackers in the cyber-world who are leveraging such a devastating situation for their own benefit. We can see, and will continue to see, attackers using the Coronavirus for their cyber-attacks, whether by using domain spoofing to look like a trusted source or by embedding malware in “critical and informable” files/links.
Learn more about how Perception Point can help you prevent Coronavirus-related cyberattacks.