Coronavirus Malware Scams – What You Need to Know

The possibility of catching or carrying a serious, contagious illness is bad enough, but that’s not the only reason why COVID-19 poses a threat. The spread of the virus has already had devastating effects on the global economy, and that’s not all. Scammers are capitalizing on people’s fear of the virus by using it to orchestrate phishing scams. So while you’re self-isolating, working from home, or in quarantine, you need to be vigilant against coronavirus COVID-19 malware scams.

Coronavirus Malware Targets Frightened Users

There are two principal Trojans hackers are using to bypass antivirus software and infiltrate users’ systems: Emotet and TrickBot. Both have been going around since at least mid-February, capitalizing first on the fears of Italian users as the virus took hold in that hard-hit country, and then spreading to Japan, the U.S., and Australia.

The TrickBot attack purports to be from an Italian doctor, Dr Penelope Marchetti. A Word document attached to the email allegedly contains important precautionary information from the World Health Organization (WHO). But when users open the document, it runs a VBA macro file, vbaProject.bin, and places a series of Word-related XML files on the user’s hard drive. These files can connect to a PHP script running on a remote server, and they’re able to both share information about the infected PC with that remote server, and further cripple the infected device with a malicious virus.

If you open this Word attachment and you happen to have macros disabled in Word, you’ll get a pop-up requesting that you enable editing and content. The document claims to have been created in an earlier version of Word.

The TrickBot scam isn’t really new; it’s just a new version of an older scam, one that tried to entice users into opening the malicious attachment with promises of great rates on loans or credit cards. However, analysts believe that hackers have been much more successful at the new strategy, which preys on people’s fear of the novel coronavirus.

TrickBot, as well as the second prevalent coronavirus malware scam, Emotet, has also been found to use strings of text from coronavirus-related news stories to get past spam filters. Emotet emails may also contain spoofed branding that makes them look convincingly like legitimate emails. Emotet emails may come with a malicious attachment or may contain a malicious link. Some of these emails claim that a global conspiracy is taking place to suppress the cure for COVID-19 and invite the reader to click on a link to learn the cure. However, the link is malicious.

Staying Safe from Malware

While scientists may know little about how to treat or prevent COVID-19 as of yet, the good news is that we already know exactly how to avoid falling victim to coronavirus malware scams. Take the same precautions that you would protect yourself from any other malware scam. Make you’re using a good, reputable antivirus and malware protection and removal app that provides protection for all of your devices and for your home network. But, because hackers are using crypters that allow coronavirus malware to slip past spam filters, it’s important to stay vigilant.

It’s best not to open any emails from sources you’re not familiar with. If you do open such an email, try to keep a level head about any claims it may make regarding coronavirus. Do not click on any links or open any attachments you may receive in emails from senders you don’t recognize, especially senders who claim to be medical authorities offering advice on coronavirus, or cures or treatments for coronavirus. You can trust that when a cure or treatment is available, or when a vaccine is successfully produced, you will hear about it first on the news, not from a random email.

Remember, if an email sounds too good to be true, it probably is. No legitimate business, organization, or bank with whom you do business will email you out of the blue to ask you to reset your password. If you receive a concerning email, do the following:

• Check the sender’s address – does the contact name match the sender’s address?
• Don’t tap or click on any links.
• Do not download any attachments.
• When in doubt, ask your coworker or quarantine buddy’s opinion of the email’s authenticity.

Cyber attacks are targeting health care workers, and some coronavirus malware programs are using real-time infection data to target users affected by the spread of the disease. So while you may not see many coronavirus malware emails yet, expect them to increase as cases of the virus increase in your area. Remember, your smart phone is also vulnerable to malware, so don’t let your guard down when you’re using it.

Coronavirus malware is spreading almost as fast as the virus itself. While you’re holed up waiting for the pandemic to end, be cautious about opening your emails. Put your safety first – in real life and online – and we’ll all get through this together.