Coronavirus ‘fearware’ sees hackers exploit Covid-19 panic to target victims
Cyber criminals are exploiting fears surrounding the Covid-19 coronavirus pandemic to spread dangerous malware and hack government computer systems.
Security experts have labelled the new trend “Fearware”, warning that victims may be more susceptible to being tricked or scammed during times of global uncertainty.
One form of attack involves well-crafted phishing emails that appear to come from health authorities but instead contain malicious software that can steal a person’s data or hijack their device.
“While we have all learnt to be suspicious of unsolicited emails, an official-looking email that exploits trending topics, usually those inciting fear or anxiety, is much less likely to raise alarm bells,” Max Heinemeyer, director of threat hunting at cyber security firm Darktrace, told The Independent.
“Fearware poses a greater challenge because traditional email security tools will block spear-phishing attacks that have been seen before but, crucially, each fearware campaign will be entirely unique in its content.”
One hacking attack saw Russian-language criminals share an interactive map of coronavirus infections and deaths, which had originally been created by Johns Hopkins University to offer real-time information about the pandemic.
Anyone opening the map sent by the hackers would be infected by a form of password-stealing malware that had been hidden within the map.
“Coronavirus is a formidable and fairly unprecedented opportunity to trick panicking people amid the global havoc and mayhem,” Ilia Kolochenko, founder of web security firm ImmuniWeb, told The Independent.
“The human factor remains the most burdensome to mitigate by technical means among the wide spectrum of organisational cyber risks, and the Covid-19 connection makes victims particularly susceptible to thoughtless actions.”
Covid-19 has been a popular discussion topic on criminal forums on the dark web, with this particular hacking tool advertised for as little as $200. For this price, cyber criminals are able to purchase the malware needed to carry out the attack on a large scale.
There have been close to 140,000 confirmed cases of coronavirus around the world, resulting in more than 5,000 deaths. The rising number of coronavirus infections has coincided with a rise in the number of registrations of domain names leveraging the terms “coronavirus” and “Covid-19”; however, researchers warn that many of them are scams.
A campaign, uncovered by threat intelligence firm DomainTools, involves a website that lures people into downloading a coronavirus-tracking app. The Android application is infected with ransomware that hijacks a victim’s device and demands a $100 bitcoin payment within 48 hours in order for it to be released.
A note accompanying the ransomware states: “Your GPS is watched and your location is known. If you try anything stupid your phone will be automatically erased.”
Separate research from security firm Check Point discovered more than 4,000 coronavirus-related domains that have been registered globally in recent weeks, hundreds of which are malicious.
Researchers at the company intercepted a large-scale cyber attack by a Chinese group, which targeted a public sector organisation in Mongolia. The group impersonated the Mongolian Ministry of Foreign Affairs, sending emails with supposed press briefings attached.
Opening up these documents directed the victim to a fake website that gave the hackers remote network access that could be used to steal sensitive information.
“Covid-19 is presenting not only a physical threat but a cyber threat as well,” said Lotem Finkelsteen, head of cyber threat research at Check Point.
“All public sector entities and telcos everywhere should be extra wary of documents and websites themed around coronavirus.”