Hackers use Coronavirus to spread computer virus

Cyber criminals play on face mask fears to get people to click on dangerous email attachments​

Anthony Cuthbertson
Monday 03 February 2020 15:42 GMT
Related video: WHO declares international health emergency over 'unprecedented outbreak'
Related video: WHO declares international health emergency over 'unprecedented outbreak' (AFP via Getty Images)

Hackers are leveraging the fears surrounding Coronavirus in order to carry out cyber attacks on a massive scale, security researchers have warned.

Malware and email viruses that use Coronavirus-themed lures to trick people have spread to over a dozen countries, according to security firm Proofpoint.

The company also observed that attackers are beginning to register URLs and create fake websites relating to Coronavirus in order to carry out malicious activity.

"Global events often capture the world's attention with a combination of wide recognition and a sense of urgency," Proofpoint's threat intelligence team wrote in a blog post. "But they are also unfortunately likely candidates for threat actor campaigns."

The emails being circulated come with a document attached that appears to contain an urgent message relating to new developments with the virus's spread.

One message in Japan spread by the hacking group TA542 claims that new cases have been reported, urging the reader to open the attachment to read an important message relating to face masks and other prevention methods.

Opening the attachment launches an extremely malicious form of malware known as Emotet, which is capable of stealing valuable personal information like login details for banks. The infected device can also then be used to launch further attacks.

Emotet was previously used in campaigns relating to climate activist Greta Thunberg, as well as in seasonal emails promising details about a "Christmas party" or "Halloween party".

"Threat actors exploit times of confusion or global events to conduct cyber attacks and email phishing campaigns," said Francis Gaffney, director of threat intelligence at Mimecast.

"These actors are opportunistic and inventive - identifying vulnerabilities in infrastructure and defences, which they then use to improve their attack methodologies."

Mr Gaffney warned that periods of global disruption and confusion have become a major opportunity for cyber criminals, who play on the public's genuine fears to increase the likelihood of targets clicking on dangerous links or attachments.

Proofpoint described TA542 as a "formidable threat actor group" that would continue evolving its attacks and urged users to be particularly cautious about unsolicited emails relating to current events.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in