Cyber criminals used fake NHS website to distribute infostealer malware

Cyber criminals are using a spoofed copy of the NHS website to lure Internet users to download malware that is designed to steal passwords and credit card data from browsers and device files.

Security researchers at Kaspersky recently discovered the fake NHS website that used fonts, language, and interface that was very similar to the ones on the genuine NHS website. The fake website advised visitors to download instructions that included advice about staying at home, how to avoid infection, and how to use the 111 Coronavirus service.

Kaspersky researchers discovered that once a user chooses to download instructions from the fake NHS website, the site unloads a password-stealing malware disguised as "covid19.exe" that is capable of stealing passwords and credit card data from browsers, files and other data stored on the victim’s computer. Worryingly, the malware can also download additional malware on the host device if commanded by cyber criminals to do so.

"This particular piece of malware is able to steal saved passwords, credit card data, cookies from lots of popular browsers and cryptowallets files. It also can take a screenshot and gather system information. All of this data is then packed and sent to the cybercriminals," Kaspersky warned.

This is how the fake NHS website looks like:

The firm recommends that even if Internet users are tricked by cyber criminals to download harmful malware into their systems, they can prevent their devices from infection by using reputable Internet security products, regularly updating operating system and applications, using complex and unique passwords for different online accounts, not clicking on links in unsolicited messages, and making regular backups of their data.

If you observe any fake website masquerading as a genuine one and asking users to download suspicious files or enter their personal information, you can report the website to the National Cyber Security Centre at report@phishing.gov.uk.

The new ‘Suspicious Email Reporting Service’ was launched by NCSC earlier this week in response to cyber criminals exploiting the COVID-19 crisis to defraud people into downloading malware or sharing their personal information. Within a day of launching the service, NCSC received over 5,000 complaints concerning suspicious emails and successfully shut down 83 malicious web campaigns.

“The immediate take-up of our new national reporting service shows that the UK is united in its defence against callous attempts to trick people online. While we have not seen a rise in email scams in the last month, coronavirus is the top lure currently used to conduct cyber crime, exploiting public unease and fear of the pandemic,” said Ciaran Martin, chief executive officer of NCSC.

“We hope the success of the Suspicious Email Reporting Service deters criminals from such scams, but if you do receive something that doesn’t look right forward the message to us – you will be helping to protect the UK from email scams and cyber crime,” he added.

MORE ABOUT: ,