Cyber criminals are taking advantage of the Covid-19 pandemic to distribute malware

As the world is dealing with the second Covid-19 wave, cyber criminals are taking full advantage. Covid-19 themed malware first appeared at the very beginning of the pandemic, when the virus had just started spreading all over the world, and it has become particularly active again as we enter a second lockdown. Coronavirus-themed malware was not unexpected, as cyber criminals are always quick to take advantage of certain situations, particularly if it’s on the larger scale. And since Covid-19 affects the whole world, it’s the perfect opportunity for criminals to make money.

Cyber criminals are taking advantage of the Covid-19

The malware stayed the same, cyber criminals just started using the pandemic and the fears surrounding it to distribute it. Phishing emails now contain links to sites imitating ones of legitimate health organizations, forum/article comments link to similar phishing sites, many sites with the name “corona” contain malicious content, ransomware are named after the virus, and scam extortion emails threaten to infect the receiver with Covid-19 if a payment is not made.

Fortunately, if users familiarize themselves with what coronavirus-themed malware looks like, they should be able to avoid it, or at least not fall for it. Below you will find descriptions of the most common Covid-19-themed malware and ways you can protect yourself.

The types of COVID-19-themed malware/scams you can encounter

There are a couple of ways cyber crooks are trying to take advantage of the COVID-19 pandemic, including using people’s fears and anxiety over the virus to generate money. By familiarizing yourself with what that looks like you should be able to avoid a lot of malware.

  • Phishing emails invite you to visit sites that look identical to legitimate health organization pages.

Coronavirus-themed phishing emails were particularly common at the beginning of the pandemic, when everyone was confused about what was happening and were unfamiliar with the virus. Now that information about Covid-19 is much more widely available and things are clearer, these themed phishing emails may be less effective but are still just as common.

Coronavirus-themed phishing emails are trying to take advantage of users wanting information about the outbreak and the pandemic. The phishing emails are made to appear likely they are coming from legitimate organizations, such as the World Health Organization (WHO), and they’re written in a way that encourages users to click on links in the emails. For example, a fake WHO phishing email may ask you to click on a link in order to review COVID-19 preventative measures. In such a scenario, you would be taken to a site that has been made to look identical to WHO’s official page and asked to confirm your email by typing in your username and password. For users familiar with phishing, a site asking to put in an email account’s password will immediately ring alarm bells, but there are plenty of people who do not know what phishing looks like. Typing in the account credentials could potentially lead to cyber criminals accessing the account or for them to be sold on a hacking forum.

  • Extortion emails threaten to infect you with the virus if you don’t pay a certain sum of money.

Sextortion scam emails that threaten to release a video of someone watching pornography if a payment is not made became very widespread last year. There are variations of such emails, some threaten to release a video of someone viewing adult content, while others claim that a bomb has been planted and will go off if a payment is not made. While the former scenario may convince some users, the latter is straight out ridiculous. Extortion emails threatening to infect you with the virus if you don’t pay fall into the same category.

The emails are perplexing because they actually threaten to infect the receiver and their family members with a virus that spreads from person to person. They usually demand up to $4000 as a payment, though it’s doubtful anyone actually falls for such obvious scam emails.

“I will infect every member of your family with the coronavirus. No matter how smart you are, believe me, if I want to affect, I can,” one such coronavirus extortion email claims.

  • Covid-19/Coronavirus ransomware.

Cyber criminals have also started naming their ransomware after the virus. If you are unfortunate enough to accidentally infect your computer with ransomware, you may encounter one named coronavirus or covid-19 ransomware. It’s just regular ransomware, simply named after the virus.

  • Comments and posts lead to sites that have some variation of “coronavirus” in their name.

If you read a great deal of articles about the coronavirus and the pandemic, you may encounter comments linking to other sites. Clicking on one such link could lead you to a site that is promoting some kind of scam or hiding malware. These comments are especially common on fake news websites, where comment sections are often not moderated.

It should be mentioned that cyber criminals bought a lot of domain names that contain the words “covid” or “coronavirus” in order to make their sites look more legitimate. Thus, the links in comments and posts could look entirely legitimate at first glance.

How you can protect yourself from Covid-19-themed malware

Since coronavirus-themed malware is still the usual malware, the same preventative measures apply, and they include:

  • scanning all unsolicited email attachments with anti-virus software.

Whenever you receive an unsolicited email that contains an attachment, you should always first scan it with anti-virus software or VirusTotal before opening it. By merely opening a malicious attachment, you could end up infecting your computers with all kinds of malware, including file-encrypting malware.

Malspam emails can be made to look like completely legitimate emails from, for example, a goverment or healthcare organization, a known company, etc. Thus, whoever the email is from (especially if it talks about the COVID-19 pandemic), you should always scan the attachment.

  • not clicking on links in unsolicited emails and comments

Similarly to how you should not open unsolicited email attachments, you should not click on links in unsolicited emails, especially if they are from a healthcare organization and mention the pandemic or virus preventative measures. If possible, access the site in question manually instead of clicking on the link. For example, if the WHO emails you with a list of preventative measures, go to their site manually without clicking on the provided link.

If you hover over a link with your mouse, the address should appear at the bottom. If it leads to a legitimate site, it’s safe to click on the link. However, if the site looks random or unprofessional, it’s more than likely some kind of phishing attempt.

The same applies to comments. Before clicking on a link in a comment, always hover over with the mouse to see where it would take you.

  • never providing login credentials or personal information on sites that shouldn’t ask for them.

You should be very careful about providing login credentials and personal information. We already mentioned above the WHO phishing emails that lead to a site asking you to provide your email logins. Only put in your username, password and other login information on sites the account belongs to. For example, if you have a Gmail account, only try to log in on a Google site\app, never anywhere else. And if you receive an email with a link to a site that asks you to log in, carefully inspect the site’s URL to see if it’s legitimate. Or ideally, access the site manually to log in.

  • backing up important files.

If you are yet to do this, get in the habit of backing up any important files regularly. This isn’t exactly a preventative measure, more like something that would save you a lot of trouble in case your computer is ever infected with ransomware. If you don’t want to lose your files, back them up!

  • turning on multi-factor authentication.

In order to put an extra layer of security over your accounts, you should turn on multi-factor authentication when possible. Not all services offer this, but if they do, certainly take advantage of it. Multi-factor authentication means that a username and password will not be enough to log in to an account, you would also need to use an additional method to verify that it’s actually you logging in.

Leave a Reply