Coronavirus malware scam

RapidVPN/ May 29, 2020/ Blog/

It is predictable that cybercriminals take advantage of trending topics in the news, as coronavirus is now, and try to prey on consumers using fear and urgency tactics. Cybercriminals of all stripes are taking advantage of the coronavirus scare, and some of those scams are a direct threat to banks and their customers.

Many of the fraudsters hide in the shadows, sending emails and creating websites designed to trick people into clicking on malicious links disguised as helpful resources. That way, people may end up with malware on their computers that steals their online banking credentials and credit card numbers.

In the case of the COVID-19 pandemic, this activity often mimics communications from expert sources such as the World Health Organization and various Centers for Disease Control and Prevention.

In situations like this one, false information becomes a huge problem: it is a time of crisis, everyone is looking for the best information, and they have no way of judging whether it is real. Consumers are usually extremely anxious to get the information, so they do not analyze the URL or the details of a map, image or set of instructions as they otherwise would.

The fake map

The point about analyzing URLs carefully before clicking on them applies primarily to the fake-map scam. The is a popular COVID-19 dashboard that is a go-to source for people who want to stay up to date on the virus. Researchers have discovered a malicious program,, that specifically claims to provide an up-to-date coronavirus map. The map it produces looks exactly like the university’s graphic, but the software has embedded malware called corona.exe, a variant of AZORult, a type of spyware that steals usernames, passwords, and various data stored in the user’s browser. This trojan is distributed through infected email attachments, malicious online ads, and various software vulnerabilities.


Contrary to popular opinion, in situations like this one cybercriminals look for the simplest way to break into computers, and those ways include phishing email attacks. Phishers always look for topical subjects that can capture a victim’s attention. Nowadays they use COVID-19 as a lure in the subject line, and they often include information-stealing malware.

The coronavirus outbreak creates an ideal environment for phishing attacks to succeed, for two reasons. First, you are flooded with information about the topic, so it is easy for phishing to blend in. Second, if you keep getting emails about something but you are uncertain and things do not look very clear, you will try to find out more.

Coronavirus-themed phishing emails can take different forms, including these:

CDC alerts: these phishing emails look like they are from the U.S. Centers for Disease Control. The email falsely claims to link to a list of coronavirus cases in your area.

Health advice emails: phishers have sent emails that offer purported medical advice to help protect you against the coronavirus. The email might claim to be from medical experts near Wuhan, China, where the coronavirus outbreak began.

Workplace policy emails: the cybercriminals have targeted employees’ workplace email accounts. If you click on the fake company policy, you’ll download malicious software.

There are ways to avoid phishing emails, and here are some tips on how:

  • Beware of online requests for personal information;
  • Check the email address or link;
  • Watch for spelling and grammatical mistakes;
  • Look for generic greetings;
  • Avoid emails that insist you act now.

Telling the difference between phishing and real emails is not easy. The general rule that applies is that if an email is asking you to click on a link or go somewhere, you should always find another way to validate it.
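As an added illustration (not part of the original post), the sketch below turns four of the tips above into automated checks on a message: sender address, link target, requests for personal information, generic greetings and pressure to act. The sample email, the `.example` domains, the `EXPECTED` allow-list and the keyword patterns are all constructed assumptions; spelling and grammar checking is left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; the sender and link domains are made up.
SAMPLE = '''From: "CDC Health Alert" <alerts@cdc-gov.example>
Subject: Act now: coronavirus cases in your area
Content-Type: text/html; charset="utf-8"

<p>Dear customer, confirm your password to see the cases near you:
<a href="http://update.cdc-gov.example/list">https://www.cdc.gov/cases</a></p>
'''
EXPECTED = {"cdc": "cdc.gov", "world health organization": "who.int"}  # assumed allow-list
PATTERNS = {  # assumed keyword lists for the wording tips
    "asks-for-personal-info": r"\b(password|card number|social security)\b",
    "generic-greeting": r"\bdear (customer|user|client|sir|madam)\b",
    "urgency": r"\b(act now|immediately|urgent|within 24 hours)\b",
}

class Links(HTMLParser):  # collects [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.in_a = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def check(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"] or "")
    body, domain = msg.get_payload(), addr.rpartition("@")[2].lower()
    # Display name claims an organisation the sending domain does not belong to.
    flags = ["sender-domain-mismatch" for org, ok in EXPECTED.items()
             if org in name.lower() and domain != ok and not domain.endswith("." + ok)]
    parser = Links()
    parser.feed(body)
    # Visible link text shows one host while the href points at another.
    flags += ["link-text-mismatch" for href, shown in parser.links
              if host(shown) and host(shown) != host(href)]
    text = f'{msg["Subject"]} {body}'
    return flags + [label for label, pat in PATTERNS.items() if re.search(pat, text, re.I)]
```

A clean result only means none of these particular signs were found, so the rule of validating the request through another channel still applies.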


It is not just opportunistic scammers who are making the most of the coronavirus. Various espionage groups associated with China, North Korea, and Russia have been sending out spear-phishing emails, trying to find routes onto business networks. Entire industries are being targeted. In February, the hackers were targeting industries that are particularly susceptible to shipping disruptions, including industrial, finance, transportation, pharmaceutical, and cosmetic companies.

In late February, a group of Chinese hackers was suspected of sending malware documents to targets in Vietnam, the Philippines, and Taiwan. The documents included legitimate statements by political leaders and advice from official sources, but hidden underneath was data-slurping spyware. Another espionage group, acting on behalf of Russian interests, sent phishing emails with a malicious, coronavirus-themed document to Ukrainians.

What to do?

One way for banks to fight these threats is to continue anti-phishing training and to use email filtering services and multifactor authentication.

People should enable MFA for all personal email and banking accounts, as the experts suggest. Account monitoring should also be used, and customers should be encouraged to set up alerts and to notify their bank if they see any suspicious activity.

As previously mentioned, if the subject line or any line in the email, no matter how real it looks, asks you to click on something to finish the action you began, do not do it. Find another way to proceed with the action and to confirm its purpose.

Finally, if you want to keep up with the outbreak and the case counts, do it by following official statements and maps, not others that you click on absentmindedly in a panic. When the panic settles, chaos begins, so always think twice before any action.

Source: BankInfoSecurity, DataBreachToday