Posted on February 2, 2020 at 12:09 PM
Hackers Spreading Emolet Malware in Japan with Fake Coronavirus Message
Security researchers have discovered that some cybercriminals are taking advantage of the coronavirus to send people fake messages containing Emolet malware. Hackers are spreading the Emolet Trojan through emails meant to confuse people to believe it’s related to the coronavirus that broke out in China this month. The Emolet Trojan has seen increased activity in recent times.
IBM discovered an email that showed cybercriminals were sending emails to people in Japan to disguise as disability welfare service providers in Japan.
The content of the email revealed that there are reports of patients with the coronavirus in Osaka, Tottori, and Gifu prefectures in Japan. It further urged victims to open an attached file containing the message, but in essence, the message contains the Emolet Trojan.
Once the readers click on the attached Microsoft word file, their system is infected with the Trojan. The messages are highly treacherous because they were designed to look just like government emails with real emails, phone numbers, and addresses.
A common practice by cybercriminals
Whenever there is a worldwide event or a trending issue, cybercriminals usually take advantage of the situation to perpetuate their attack on systems. Most times they camouflage their malicious emails with the important topic, claiming to come from a genuine source.
The strategy has been paying off for some of them because they can easily trick victims into believing the message since it looks genuine. According to IBM researchers, the attackers have mastered their act to the extent of using legitimate emails and phone numbers to make users believe they are real.
IBM researchers said that these attackers make everything look real but the only difference is they rather attached Emolet Trojan along with the mail. They urge the reader to open the attached file for instructions or tips on the prevention and control of the virus.
As soon as the user agrees to their bidding, they have just given an open invitation to the Trojan.
Using the fear of coronavirus
Security researchers at Kaspersky have seen other emails by cybercriminals spreading the Emolet Trajan by camouflaging using the coronavirus message. According to the researchers, the cyber attackers also used the same framework by urging people to click on the attached file. Some are attaching .docx, .mp4, and .pdf files to the emails designed to deceive people they have an important message regarding the prevention of coronavirus.
The purported email claims to contain information that would help protect the user against the virus. It also claims to have updates on the virus and even procedures for detecting the disease.
Fake news trend may increase
According to Kaspersky malware analyst, Anton Ivanov, the coronavirus has already been used by cybercriminals as bait to lure victims and infect their systems with malware. So far, Ivanov said the security firm has discovered 10 of such files. He said as the coronavirus news has gone global and still present, the fake news trend that infiltrates malware may continue.
And as people get concerned over their health, there is always going to be those who would take advantage of the situation for their selfish and criminal gains, said Ivanov.
IBM researchers said that this type of attack is more likely to succeed because of the significance of the topic surrounding the email. The many fears people have about the spread of the virus will lead them to follow the cybercriminal’s request without thinking twice. Even those who are skeptical would still fall victim because they believe any important information about their health and safety should not be neglected.
Greta Thunberg and Super Bowl also used as malware
Apart from events that create fear, cybercriminals have also used positive events to lure their victims. Recently, they used the climate change movement by Greta Thunberg to send malicious messages to unsuspecting victims.
Most times they use events with global coverage and wider reach to deceive their unfortunate victims into believing the message is genuine and legitimate.
Proofpoint’s research director, Sherrod DeGrippo, pointed out that cybercriminals understand that many people would have an interest in globally trending issues like Greta Thunberg and the coronavirus. He said the most victims of this cyber attack are from Asia because people are more afraid of the virus in the region.