Coronavirus 'fearware' sees hackers exploit Covid-19 panic to target victims

'Coronavirus is a formidable opportunity to trick panicking people amid the global mayhem,' one cyber expert warns

Anthony Cuthbertson
Friday 13 March 2020 13:48 EDT
A live coronavirus map and a fake tracking app were used by cyber criminals to spread malware (AFP via Getty Images)

Cyber criminals are exploiting fears surrounding the Covid-19 coronavirus pandemic to spread dangerous malware and hack government computer systems.

Security experts have labelled the new trend “Fearware”, warning that victims may be more susceptible to being tricked or scammed during times of global uncertainty.

One form of attack involves well-crafted phishing emails that appear to come from health authorities but instead contain malicious software that can steal a person’s data or hijack their device.

“While we have all learnt to be suspicious of unsolicited emails, an official looking email that exploits trending topics, usually those inciting fear or anxiety, is much less likely to raise alarm bells,” Max Heinemeyer, director of threat hunting at cyber security firm Darktrace, told The Independent.

"Fearware poses a greater challenge because traditional email security tools will block spear-phishing attacks that have been seen before but, crucially, each fearware campaign will be entirely unique in its content."

One hacking attack saw Russian-language criminals share an interactive map of coronavirus infections and deaths, which had originally been created by Johns Hopkins University to offer real-time information about the pandemic.

Anyone opening the map sent by the hackers would be infected by a form of password-stealing malware that had been hidden within the map.

“Coronavirus is a formidable and fairly unprecedented opportunity to trick panicking people amid the global havoc and mayhem,” Ilia Kolochenko, founder of web security firm ImmuniWeb, told The Independent.

“The human factor remains the most burdensome to mitigate by technical means among the wide spectrum of organisational cyber risks, and the Covid-19 connection makes victims particularly susceptible to thoughtless actions.”

Covid-19 has been a popular discussion topic on criminal forums on the dark web, with this particular hacking tool advertised for as little as $200. For this price, cyber criminals are able to purchase the malware needed to carry out the attack on a large scale.

There have been close to 140,000 confirmed cases of coronavirus around the world, resulting in more than 5,000 deaths. The rising number of coronavirus infections has coincided with a rise in the number of registrations of domain names leveraging the terms “coronavirus” and “Covid-19”; however, researchers warn that many of them are scams.

A campaign, uncovered by threat intelligence firm DomainTools, involves a website that lures people into downloading a coronavirus-tracking app. The Android application is infected with ransomware that hijacks a victim’s device and demands a $100 bitcoin payment within 48 hours in order for it to be released.

A note accompanying the ransomware states: “Your GPS is watched and your location is known. If you try anything stupid your phone will be automatically erased.”

Separate research from security firm Check Point discovered more than 4,000 coronavirus-related domains that have been registered globally in recent weeks, hundreds of which are malicious.

Researchers at the company intercepted a large-scale cyber attack by a Chinese group, which targeted a public sector organisation in Mongolia. The group impersonated the Mongolian Ministry of Foreign Affairs, sending emails with supposed press briefings attached.

Opening up these documents directed the victim to a fake website that gave the hackers remote network access that could be used to steal sensitive information.

“Covid-19 is presenting not only a physical threat but a cyber threat as well,” said Lotem Finkelsteen, head of cyber threat research at Check Point.

“All public sector entities and telcos everywhere should be extra wary of documents and websites themed around coronavirus.”
