Even as stock markets tumble and panic spreads over the novel coronavirus outbreak, cyber criminals are hatching plans to make the most of the ongoing crisis.
According to cyber experts, the most frequent trend observed in the past two weeks is of hackers sending phishing emails to citizens with the words ‘Corona’ or ‘COVID-19’ in the subject line. The emails contain attachments in pdf, mp4 or docx format, which are designed to look like advisories or tips to deal with the pandemic, but are actually viruses or malware. To sell their lie further, the hackers also mention the names of credible agencies like the World Health Organization and the Centers for Disease Control and Prevention.
A recent study by Kaspersky has found that some of these emails contain links that look like legitimate web pages but actually lead the target to a log-in page meant to steal passwords.
“Trojans embedded in attachments or links are designed to steal passwords of the targets. This is damaging in a time when people like to save passwords of their email and social media accounts in their browsers for faster log-in, which means the hackers can get an entire list of passwords at one go,” Shubham Singh, who is a civilian consultant for the Mumbai Police, said.
Kaspersky has also detected a high number of such attempts in the Asia Pacific (APAC) region, including emails offering products such as masks. In a statement, Kaspersky said, “For example, an Excel file distributed via email under the guise of a list of coronavirus victims allegedly sent from the World Health Organization was, in fact, a Trojan-Downloader, which downloads and installs another malicious file. This second file was a Trojan-Spy designed to gather data, including passwords, from the infected device and send it to the attacker.”
In the APAC region alone, Kaspersky has detected 93 coronavirus-related malware in Bangladesh, 53 in the Philippines, 40 in China, 23 in Vietnam, 22 in India and 20 in Malaysia. There were single-digit detections in Singapore, Japan, Indonesia, Hong Kong, Myanmar, and Thailand.
Cyber experts have also noticed a trend of creating websites similar to official government ones offering information on the COVID-19 outbreak. One such attempt was a fake map showing the number of coronavirus victims in regions all over the world, which was also sent out via email in the form of pdf or exe files. Mr. Singh said, “These are actually trojans that will infect the system as soon as they are opened and give hackers remote access of the devices.”
With companies increasingly starting to opt for the work from home option, experts say the threat might worsen. Employees would be now accessing work-related data from internet-provider devices that are not as secure as the ones at their offices. Stephan Neumeier, managing director, Asia Pacific, Kaspersky, said, “It is a known that once devices are taken outside a company’s network infrastructure and connected to new networks and Wi-Fi, the risks to corporate information increase. It is high time we boost our physical immunity and networks security against these damaging attacks.”
