Coronavirus 'fearware' sees hackers exploit Covid-19 panic to target victims

'Coronavirus is a formidable opportunity to trick panicking people amid the global mayhem,' one cyber expert warns

Anthony Cuthbertson
Friday 13 March 2020 17:48
Comments
A live coronavirus map and a fake tracking app were used by cyber criminals to spread malware
A live coronavirus map and a fake tracking app were used by cyber criminals to spread malware

Cyber criminals are exploiting fears surrounding the Covid-19 coronavirus pandemic to spread dangerous malware and hack government computer systems.

Security experts have labelled the new trend “Fearware”, warning that victims may be more susceptible to be tricked or scammed during times of global uncertainty.

One form of attack involves well-crafted phishing emails that appear to come from health authorities but instead contain malicious software that can steal a person’s data or hijack their device.

“While we have all learnt to be suspicious of unsolicited emails, an official looking email that exploits trending topics, usually those inciting fear or anxiety, is much less likely to raise alarm bells,” Max Heinemeyer, director of threat hunting at cyber security firm Darktrace, told The Independent.

"Fearware poses a greater challenge because traditional email security tools will block spear-phishing attacks that have been seen before but, crucially, each fearware campaign will be entirely unique in its content."

One hacking attack saw Russian-language criminals share an interactive map of coronavirus infections and deaths, which had originally been created by John Hopkins University to offer real-time information about the pandemic.

Anyone opening the map sent by the hackers would be infected by a form of password-stealing malware that had been hidden within the map.

“Coronavirus is a formidable and fairly unprecedented opportunity to trick panicking people amid the global havoc and mayhem,” Ilia Kolochenko, founder of web security firm ImmuniWeb, told The Independent.

“The human factor remains the most burdensome to mitigate by technical means among the wide spectrum of organisational cyber risks, and the Covid-19 connection makes victims particularly susceptible to thoughtless actions.”

Covid-19 has been a popular discussion topic on criminal forums on the dark web, with this particular hacking tools advertised for as little as $200. For this price, cyber criminals are able to purchase the malware needed to carry out the attack on a large scale.

There have been close to 140,000 confirmed cases of coronavirus around the world, resulting in more than 5,000 deaths. The rising number of coronavirus infections has coincided with a rise in the number of registrations of domain names leveraging the terms “coronavirus” and “Covid-19”, however researchers warn that many of them are scams.

A campaign, uncovered by threat intelligence firm DomainTools, involves a website that lures people into downloading a coronavirus-tracking app. The Android application is infected with ransomware that hijacks a victim’s device and demands a $100 bitcoin payment within 48 hours in order for it to be released.

A note accompanying the ransomware states: “Your GPS is watched and your location is known. If you try anything stupid your phone will be automatically erased.”

Separate research from security firm Check Point discovered more than 4,000 coronavirus-related domains that have been registered globally in recent weeks, hundreds of which are malicious.

Researchers at the company intercepted a large-scale cyber attack by a Chinese group, which targeted a public sector organisation in Mongolia. The group impersonated the Mongolian Ministry of Foreign Affairs, sending emails with supposed press briefings attached.

Opening up these documents directed the victim to a fake website that gave the hackers remote network access that could be used to steal sensitive information.

“Covid-19 is presenting not only a physical threat but a cyber threat as well,” said Lotem Finkelsteen, head of cyber threat research at Check Point.

“All public sector entities and telcos everywhere should be extra wary of documents and websites themed around coronavirus.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in