Posted on March 14, 2020 at 11:49 AM
Hackers are Sending Fake Coronavirus Phishing Mails to Steal Bitcoin
As the world remains in a state of panic over the spread of Coronavirus, hackers are taking advantage of the situation to steal money and data from users.
After posing as coronavirus informants to install malware on users’ PCs, the hackers are now sending phony coronavirus tracking apps to deceive people into downloading ransomware.
Coronavirus-related domain registration on the increase
Researchers at cybersecurity company DomainTools discovered an increase in the number of domain registrations related to Coronavirus. While investigating, the research team found that a particular site, coronavirusapp[.]site, has been asking users to download and install an Android app to help them track the spread of the virus.
But the app is actually a front for ransomware known as CovidLock. The app automatically alters the lock screen password and asks the user to pay $100 before unlocking it.
The fake website is designed to convince visitors that it is genuine, and the app claims to have received certification from the World Health Organization (WHO).
The cybercriminals also claim the app has a 4.4 rating from 6 million reviews.
According to its description, the app can send an automatic notification when a coronavirus patient is near you.
After installation, the app requests permissions to access some of the user’s information, including their lock screen.
Based on the site’s content, together with its SSL certificate and the certificate of the malware, DomainTools researchers suggested that the hackers could be behind other Android malware and pornographic malware attacks around the world.
Ransomware still at an infancy stage
The research team said the ransomware does not appear to have spread much since the operation began. It also revealed that there has not been any case where a user paid the amount the hackers are requesting.
The research team also advised users on how to stay safe from these attacks. According to the team, users can protect themselves from becoming victims by staying away from scammy coronavirus-related domains.
Also, users should only install their apps from the Play Store and not from anywhere else. They should not give such scammy groups any attention, because the criminals can easily persuade their intended victims to submit to their demands.
The exploitation of fear surrounding the pandemic
The cybercriminals who are exploiting fears surrounding Coronavirus are spreading dangerous malware and infiltrating government systems.
The researchers said attackers generally take advantage of periods like this because users are more likely to become victims in such situations.
According to the founder of cybersecurity firm ImmuniWeb, Ilia Kolochenko, “Coronavirus is a formidable and fairly unprecedented opportunity to trick panicking people amid the global havoc and mayhem.”
Security experts have even coined a name for the new trend: “Fearware”. These criminals have often used global events as an avenue to perpetrate their cybercriminal activities.
Attackers using phishing emails to infect government systems
Another form of attack comes from well-designed phishing emails that seem to originate from health authorities. In reality, the phishing emails contain malicious software that can steal users’ data and take complete control of their device.
According to the head of security at cybersecurity firm Darktrace, Max Heinemeyer, “Fearware” attacks are difficult to defend against because each attack comes with a unique approach. Email security tools usually block familiar phishing attacks. But because each new Fearware campaign is different from the previous ones, it becomes difficult to identify and block them.
He further pointed out that cyberattacks disguised as offering security information are less likely to raise alarm bells. That’s why it’s very easy for people to regard them as genuine.
In previous hacking attempts, Russian-language cybercriminals shared an interactive map showing the spread of Coronavirus. The map was initially designed by Johns Hopkins University to offer real-time updates on the spread of the disease. However, the criminals took advantage of the situation and started sending malware to those who would open the mail thinking it was from Johns Hopkins University.