Fears over the novel coronavirus have triggered mass quarantines, Purell and Clorox shortages and financial market turmoil. As global concerns continue to mount with the latest headlines – just today, it was reported that the head of the Port Authority of New York and New Jersey was infected – cyber fraudsters and threat actors continue to seize on those fears.
In one of the latest examples, researchers at MalwareHunterTeam reportedly have exposed a phishing scam that pretends to offer coronavirus information from the World Health Organization, but in reality distributes the GuLoader malicious downloader, which in turn installs the FormBook information-stealing trojan.
The emails, best viewed via a browser, include statistics on the virus and encourage the recipient to open an attached file, MY-HEALTH.PDF, in order to view “the simplest and fastest ways” to take care of one’s health while ensuring the well-being of others, BleepingComputer reports. The reader is also falsely instructed to reach out to an attacker-controlled email address to supposedly contact the “Corona-virus Disease Grants/Donation board for a grant or donation application.”
Upon infection, GuLoader reportedly downloads and decrypts an encrypted version of FormBook from Google Drive, and then injects it into the Windows process wininit. FormBook is capable of copying clipboard contents, keylogging, extracting data from HTTP sessions, and executing commands given by a command-and-control server. Such functionality can allow attackers to steal banking and website login credentials and cookies, the report
Late last week, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued guidance warning citizens to beware of coronavirus scams.
“Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes,” the advisory states. “Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.”
CISA recommends that users avoid interaction with links and email attachments in unsolicited emails; rely on only trusted, official sources for their COVID-19 information; avoid sharing personal and financial information in emails; and ensure that a charity is legitimate before donating.