Security researchers at KnowBe4 have identified a new phishing scam that involves phishers luring Internet users to download malicious documents attached to fake emails that appear to have been sent by a hospital.
The fake emails sent by the phishers informed recipients that they recently came into contact with an acquaintance who had COVID-19, thereby creating a sense of anxiety among those who received such emails. Recipients were asked to download an Excel document attached to the emails and proceed to the nearest emergency clinic for testing.
“You recently came into contact with a colleague/friend/family member who has COVID-19 at Big Country, please print attached form that has your information prefilled and proceed to the nearest emergency clinic,” a copy of the fake email reads.
“This email is simple, succinct, and alarming. Moreover, it spoofs a hospital, lending additional credibility to this particular social engineering scheme, which is clearly designed to elicit a panicked response from readers and override any form of rational, measured thought,” said KnowBe4.
“Users who make the mistake of following the directions provided in that Excel file and enable macros will be kicking off a download process for a sophisticated and dangerous backdoor trojan that currently enjoys a moderate (though rising) number of detections among the anti-malware engines represented on VirusTotal.
“This fairly nasty piece of malware (first reported to VirusTotal on Mar. 27, 2020) sports a number of advanced functions that allow it to evade detection by security applications, worm its way deep into an infested system, and serve as a platform for a variety of criminal activities,” the firm added.
“This is a new type of malware that we’re seeing, as it was reported for the first time just a few days ago. For the bad guys, this is a target-rich environment that preys on end-users’ fears and heightened emotions during this pandemic. Employees need to be extra cautious when it comes to any emails related to COVID-19 and they need to be trained and educated to expect them, accurately identify them and handle them safely,” said Eric Howes, principal lab researcher, KnowBe4.
Cyber criminals exploiting COVID-19 concerns to create a sense of urgency among victims
This week, security researchers at Proofpoint revealed that they have so far observed over 500,000 messages: 300,000 malicious URLs and 200,000 malicious attachments with coronavirus themes across more than 140 campaigns, indicting that cyber criminals across the world are not willing to let the opportunity pass.
“We have seen nearly every type of attack being used with coronavirus themes, including (but not limited to) business email compromise (BEC), credential phishing, malware, and spam email campaigns. Overall, we’ve seen a significant amount of credential phishing in these attacks. The threat actors behind these attacks run the gamut from small unknown actors to prominent threat actors like TA542 (the group behind Emotet),” the firm said.
Proofpoint also observed a recent credential phishing campaign that involved hackers targeting manufacturing, technology, and industrial companies in the Netherlands by posing as a major Dutch bank. The hackers sent an email asking recipients to click on a link to apply for an “antibacterial debit card” that was available only for a limited period.
The firm also said that while cyber criminals initially focussed on concerns around the impact of COVID-19 on shipping and manufacturing, they are now focussing on concerns around supposed cures and infected individuals. “As more and more employees are being asked to work from home and governments around the world work to provide support for its citizens, we can expect that threat actors will adapt and use these as themes in the not too distant future,” it said.