Kaspersky researchers have found multiple COVID-19-related malicious e-mail campaigns
and hundreds of downloadable files that attempt to infect users’ devices with the threats.
While news of the coronavirus spread continues to appear and dominate the headlines,
attackers are also looking for opportunities to use this topic for malicious purposes. This is a
very dangerous practice, as it exploits people’s concerns for their health and the safety of their
loved ones in an attempt to pressure them into falling for a trick.
The researchers have detected malicious files that were masked under the guise of pdf,
mp4
detection procedures, which is not actually the case. In fact, these files contained threats
to users’ devices.
«The coronavirus, which is being widely discussed as a major news story, has already been
used as bait by cybercriminals. Now, the number of users whose devices have had
malicious files named after the coronavirus on them has risen to 403 in 2020, with a total
of 2,673 detections and 513 unique files distributed. While the numbers rose significantly
compared to the initial statistics we have shared, this threat is still rather minimal,» –
comments Anton Ivanov, malware analyst at Kaspersky.
encouraging home working in a bid to slow the spread of COVID-19/coronavirus. It is likely that, where feasible, companies will allow more people than ever before to work remotely, so now is a good time for organizations to re-examine security around remote access to corporate systems. Once devices are taken outside of a company’s network infrastructure and are connected to new networks and Wi-Fi, the risks to corporate information increase.
Some malicious files are spread via email. For example, an Excel file distributed via email under the
guise of a list of coronavirus victims allegedly sent from the World Health Organization (WHO) was in
fact a Trojan-Downloader, which secretly downloads and installs another malicious file. This second file
was a Trojan-Spy designed to gather various data, including passwords, from the infected device and
send it to the attacker.
“We would encourage companies to be particularly vigilant at this time, and ensure employees who are working at home exercise caution. Businesses should communicate clearly with workers to ensure they are aware of the risks, and do everything they can to secure remote access for those self-isolating or working from home. In addition to the increase in remote working, we have also seen cybercriminals trying to piggyback on the virus, hiding malicious files in documents purporting to relate to the disease. So, with this opportunistic approach by criminals, coupled with changes to working habits, it’s wise for businesses to be extra vigilant at this time,” comments David Emm, principal security researcher, Kaspersky.
There are a number of simple steps that can be taken to reduce the cyber-risks associated with coronavirus.
If you are an individual, Kaspersky advises the following:
- In order to stay safe, we advise users to carefully study the content of the emails they receive and only trust reliable sources. If you are promised a vaccine for the virus or some magic protective measures, or the content of the email is making you worried, it has most likely come from cybercriminals.
- When downloading files, pay attention to the file extension. Even if you download TV show episodes from a source you consider trusted and legitimate, the file should have an .avi, .mkv or .mp4 extension. Do not download the file if it is an .exe.
- Use a reliable security solution for comprehensive protection from a wide range of threats, such
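
The extension advice above can be automated on a mail gateway or download folder. The following is an added example, not Kaspersky's code: it flags files whose name or leading bytes do not match the document or video format they claim to be. The function name `check_file`, the extension sets, the lure keywords and the sample files are all assumptions constructed for illustration.

```python
import re

# Extensions that run code when opened on Windows (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
PE_EXTS = {".exe", ".scr", ".com", ".dll"}
# Leading-byte checks for the formats the lures claim to be.
MAGIC = {
    ".pdf": lambda b: b.startswith(b"%PDF-"),
    ".mp4": lambda b: b[4:8] == b"ftyp",
    ".avi": lambda b: b[:4] == b"RIFF" and b[8:12] == b"AVI ",
    ".mkv": lambda b: b.startswith(b"\x1a\x45\xdf\xa3"),
}
LURE = re.compile(r"corona|covid|ncov", re.IGNORECASE)


def check_file(name, head):
    """Return findings for a file name and the first bytes of its content."""
    findings = []
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    parts = name.lower().rstrip(". ").rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        if len(parts) == 3 and "." + parts[1] in MAGIC:
            findings.append("double-extension")  # e.g. guide.pdf.exe
    if head[:2] == b"MZ" and ext not in PE_EXTS:
        findings.append("pe-content-mismatch")   # Windows executable inside
    elif ext in MAGIC and not MAGIC[ext](head):
        findings.append("content-mismatch")
    if findings and LURE.search(name):
        findings.append("coronavirus-lure")
    return findings


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("coronavirus_protection_guide.pdf.exe", b"MZ\x90\x00"),
    ("covid-19_instructions.mp4", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("covid_map.pdf", b"PK\x03\x04"),
    ("episode01.mkv", b"\x1a\x45\xdf\xa3\x01"),
    ("report.pdf", b"%PDF-1.7\n"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name}: {check_file(name, head) or 'ok'}")
```

A check like this does not catch genuine documents that carry malicious content, such as the Excel Trojan-Downloader described above, so it complements a security solution rather than replacing one.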
If you are a business, consider taking the following steps:
- Provide a VPN for staff to connect securely to the corporate network
- All corporate devices – including mobiles and laptops – should be protected with appropriate security software, including mobile devices (e.g. allowing data to be wiped from devices that are reported lost or stolen, segregating personal and work data, along with restricting which apps can be installed)
- Always implement the latest updates to operating systems and apps
- Restrict the access rights of people connecting to the corporate network
- Ensure that staff are aware of the dangers of responding to unsolicited messages