Criminal Hackers Use Official-Looking Coronavirus Forms To Spread Malware, Steal Passwords


Security experts are tracking a range of new threats incidentally linked to the coronavirus that’s killed no fewer than 44,216 people worldwide. Where most see despair, some cyber criminals see opportunity.

Online, criminals are working to take advantage of the shocking changes to daily life thrust onto entire populations now forced to work from home—or sitting there idly nursing an insatiable craving for new information about the illness and its impact.

Los Angeles-based security firm Securonix said Tuesday its researchers were following malicious hackers working a number of coronavirus-related angles, including the use of weaponised covid-19 related documents in attacks on critical healthcare operations. It’s also seen a rise in attempts to capture security credentials from the world’s now-remotely employed workforce.

Researchers have seen crypto-ransomware disguised as a covid-19 “situation report” being widely circulated by email. After the coronavirus-themed document is opened, the user is presented with a demand for 0.35 Bitcoin ($US2,270 ($3,695), at the time of writing) to unlock their files.

Screenshot: Securonix Threat Research Team

A variety of emails are pushing infected documents harbouring malware used to steal user credentials, web browser cookies, cryptocurrency wallets, and other sensitive data. According to Securonix, the body of one such email claims the recipient may have been in contact with an infected person.

It reads:

“You recently came into contact with a colleague/friend/family member who has COVID-19 at Taber AB, please print attached form that has your information prefilled and proceed to the nearest emergency clinic.”

In another example, attackers shared a link to a malicious covid-19 live map that mimics an actual interactive dashboard displaying global coronavirus infections produced by the Centre for Systems Science and Engineering at Johns Hopkins University, as was also reported last month by security reporter Brian Krebs.

Screenshot: Securonix Threat Research Team

The map is part of a “digital Coronavirus infection kit” that was selling for $US200 ($326) on a Russian language cybercrime forum, according to Krebs.

The rise in coronavirus-related attacks began in earnest around the beginning of last month. Forbes reported on March 12 a range of malicious domains had been quickly established and that phishing attempts referencing “COVID-19” were growing.

Security firm Recorded Future warned that cyber criminals frequently adopt trusted branding, including that of the World Health Organisation and the U.S. Centres for Disease Control and Prevention, when trying to lure victims into opening malicious links in files.

Users are advised to take increased precautions when handling any links or emails related to the virus. You can find a list of the best sources for information about covid-19 here.