Coronavirus Campaigns Spreading Malware

Source: Coronavirus Campaigns Spreading Malware | 2020-01-31 | Security Magazine. A new report by IBM X-Force Exchange found that cybercriminals are taking advantage of the coronavirus outbreak and using it to spread malware.

“The practice of leveraging worldwide events by basing malicious emails on current important topics has become common among cybercriminals. Such a strategy is able to trick more victims into clicking malicious links or opening malicious files, ultimately increasing the effectiveness of a malware campaign,” notes IBM.

X-Force discovered the first campaign of this type, in which the outbreak of a biological virus is used as a means to distribute a computer virus. IBM researchers say that what makes these attacks rather special is that they deliver the Emotet trojan, which has shown increased activity recently. The emails urge victims to open an attached Word document, described as a supposed notice regarding infection prevention measures.

The emails appear to be sent by a disability welfare service provider in Japan, says IBM. The text briefly states that there have been reports of coronavirus patients in the Gifu prefecture in Japan and urges the reader to view the attached document.

After IBM researchers ran the document through a sandbox, they could retrace the infection process: if the attachment is opened with macros enabled, an obfuscated VBA macro script opens PowerShell and installs an Emotet downloader in the background. This is the typical behavior of most Emotet documents, notes the blog.
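The chain described above (Word document, macro, PowerShell) leaves a recognizable process ancestry in endpoint telemetry. The following is an added detection sketch, not code from IBM or Security Magazine: it assumes process-creation events carrying Sysmon Event ID 1 field names, uses constructed sample events, and generalizes slightly by flagging PowerShell with an Office application anywhere in its ancestry, not only as direct parent.

```python
import ntpath
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
# Heuristic: -e, -ec, -en..., -EncodedCommand (PowerShell accepts prefixes).
ENCODED = re.compile(r"(?i)\s-e(c|n[a-z]*)?\s")

# Constructed sample events; paths, GUIDs and command lines are illustrative.
SAMPLE_EVENTS = [
    {"ProcessGuid": "g1", "ParentProcessGuid": "g0",
     "Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe"},
    {"ProcessGuid": "g2", "ParentProcessGuid": "g1",
     "Image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": r"WINWORD.EXE /n C:\Users\user\Downloads\notice.doc"},
    {"ProcessGuid": "g3", "ParentProcessGuid": "g2",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c <ARGS-PLACEHOLDER>"},
    {"ProcessGuid": "g4", "ParentProcessGuid": "g3",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -w hidden -enc <BASE64-PLACEHOLDER>"},
    {"ProcessGuid": "g5", "ParentProcessGuid": "g1",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"},
]

def base(path):
    """Lower-cased executable name from a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()

def office_spawned_shells(events):
    """Return PowerShell launches that have an Office app in their ancestry."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    hits = []
    for e in events:
        if base(e["Image"]) not in SHELLS:
            continue
        chain, cur, seen = [], e, set()
        while cur and cur["ProcessGuid"] not in seen:  # guard against loops
            seen.add(cur["ProcessGuid"])
            chain.append(base(cur["Image"]))
            cur = by_guid.get(cur["ParentProcessGuid"])
        if any(p in OFFICE for p in chain[1:]):
            hits.append({"guid": e["ProcessGuid"],
                         "chain": " > ".join(reversed(chain)),
                         "encoded": bool(ENCODED.search(e["CommandLine"] + " "))})
    return hits

if __name__ == "__main__":
    for hit in office_spawned_shells(SAMPLE_EVENTS):
        print(hit)
```

The user-launched PowerShell (g5) is not flagged because its ancestry contains no Office process; only the macro-spawned chain is reported.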

Previously, Japanese Emotet emails focused on corporate-style payment notifications and invoices, following a strategy similar to that of emails targeting European victims, says IBM. Researchers note that this new approach to delivering Emotet may be significantly more successful, due to the wide impact of the coronavirus and the fear of infection surrounding it.
