Cybercriminals exploit the mass epidemic of COVID-19
Times are tough all over the world. The wide outspread of the Coronavirus is keeping us all in sweats (no pun intended) and on the edge of our seats. With new preventive guidelines spilling out each day, the masses are tensed, and it is possible that we forget that the term ‘virus’ also has another connotation. Cybercrime has been known to thrive when events like these are disturbing the day-to-day peace of citizens spread across the globe. Hackers and intruders feel no shame misusing the panic of the general public, and it would be wrong to assume that they won’t zero in on whatever issue is the most recent. We have already seen how a malware campaign was launched through Fake Greta Thunberg Emails. The new hot thing right now is the COVID-19 pandemic, and it is no surprise that it is being used to propel phishing attempts.
The Agent Tesla Keylogger
Cofense has uncovered two active phishing campaigns that are attempting to infect systems with the Agent Tesla Keylogger. The Centre for Disease Control (CDC) has been on a heightened level of activity in combatting the COVID-19 outbreak. Be it research, preventive techniques, or the dissemination of guidelines, the CDC has been on a mass communication streak. It is understandable that no one will think twice on receiving an email from the CDC. In fact, it is likely people will eagerly open emails from them, looking for developments regarding the disease. This is exactly the soft spot the criminals have targeted.
Cofense has found fraud emails falsely originating from the CDC or the WHO (World Health Organisation). It is spreading false information like the Coronavirus being air-borne or that confirmed cases have been found near the victim’s vicinity. The emails are personalised as per the victim’s locality, thus boosting the chances of a high click-thru rate. The email is accompanied with an attachment entitled “Safety Precautions” which has the document format of xls (Excel) but is in fact an executable file that triggers the installation of the Agent Tesla Keylogger.
A keylogger is a malicious software that runs in the background, monitors and then transmit all keystrokes to malicious users over the internet. The dangers are obvious. Your passwords, emails, and authentication information that you type in is accessible to the logger. Same goes for sensitive business secrets, if your workers’ machines get infected. If your mobile device gets infected, you can expect all pins and passwords you enter on your eWallets and UPI payment platforms to get leaked. Fallen in the wrong hands, these details can bypass all Two Factor Authentication protocols you have setup.
Cofense spotted emails with two different email headers:
- [EXTERNAL] COVID-19 – Now Airborne, Increased Community Transmission
- Attention: List of Companies Affected With Coronavirus March 02, 2020
The sender’s email address is CDC-Covid19@cdc.gov, thus making the email look authentic.
“Since news of the coronavirus hit national headlines, many threat actors have played on its infamy to target unsuspecting users. While there are numerous phishing campaigns raving about the latest safety measures, all claiming to be reputable health organisations or doctors, this email differs in its methods, weaponising fear to panic users into clicking malicious links.”
– Researchers at Cofense
Protect Yourself
How we wish scrubbing down your machines with disinfectants could cure them of viruses! While it is a solid tip for distancing yourself from the Coronavirus, it is of no use against phishing. However, Logix offers the digital equivalent of sanitizers: anti-phishing mailbox protection systems. With our Cloud ATP Email Solutions, potential threats in your inbox are detected and fixed at the entry point itself. No more wasting your resources trying to clean up a malware that slipped into your systems. For more details, visit our Email Security Offerings.