Hackers now preying on coronavirus fears
The coronavirus outbreak has taken the world by storm. As most of us sit at home under what is becoming an increasingly mandatory order to comply with social distancing, we rely more than ever on our phones, tablets, and P.C.s to entertain us as we pass the time. As governments around the world scramble to find the answers on how to slow the spread and eventually defeat a virus that we are still in the process of figuring out, another danger associated with this outbreak is threatening to spread even faster than the virus itself.
Recently, the Department of Homeland Security's (DHS) Cybersecurity & Infrastructure Security Agency (CISA) warned Americans that, amid the panic associated with the coronavirus, hackers may begin to "send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes."
That advice seems to be right on point, as "never let a crisis go to waste" seems to have become the new credo of the hacking-for-profit community. The outbreak of fear and paranoia that has accompanied the growth of the coronavirus pandemic has given rise to spear-phishing email campaigns that have duped unsuspecting victims into downloading malware with the promise of vital information related to COVID-19.
One of the scams, which has been identified in Japan, tells the email recipient that there have been reports of new coronavirus cases in the Gifu prefecture of Japan and urges the victim to view the attached document. In order to establish a feel of authenticity, the email includes the mailing addresses, phone and fax numbers, and other information for local health organizations.
Once trust in the email is achieved, the victim is compelled to open the document, which claims to contain instructions on how to protect yourself from the virus, along with updates on the locations and rates at which it is growing, as well as virus-detection procedures.
During the ongoing pandemic, info-seekers have also been drawn to so-called "coronavirus maps" that illustrate the regions where the infection is currently growing. Hackers, who have noticed the rise in traffic going to these types of sites, have found a way to exploit this as well via malware known as AZORult.
AZORult was first discovered in 2016 and is capable of stealing browsing history, cookies, ID/passwords, cryptocurrency, and more. It also can download additional malware strains later on, after its initial installation on targeted computers. AZORult is also very easy to acquire for cyber-criminals, as it is commonly sold on Russian underground forums.
There is even a new form of malware that bears the name of the pandemic currently gripping the planet. The CoronaVirus ransomware, which also goes by the name CoronaVi2022 Ransomware, is a file-locker that encrypts files and demands payment from the victim in exchange for access to his files.
The authors of the CoronaVirus ransomware have also set up a bogus website that mimics the name of a genuine Windows P.C. utility, WiseCleaner. The phony site hosts a pirated and modified copy of the WiseCleaner software that installs the CoronaVirus Ransomware and KPOT, a trojan that collects the victim's information.
CoronaVirus Ransomware, AZORult, and other infections can be spread using several different methods, and a populace that is spending more time online during a period of so-called social distancing is increasingly vulnerable to them. Different infection methods, including fake downloads, phishing emails, and pirated software, all offer an opportunity for hackers to infect your devices. People should also beware of interacting with unknown online content or websites.
The next few months offer an unprecedented opportunity for hackers to victimize citizens looking for the latest news on the coronavirus. Now, more than perhaps at any other time in history, we need to be careful in reviewing where our emails are coming from and what websites we are visiting.
Julio Rivera is a business and political strategist, the editorial director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cyber-security and politics, has been published by websites including The Hill, Real Clear Politics, Townhall, and American Thinker.