Thousands of Coronavirus malware sites created as bait


The coronavirus pandemic has proved to be a blessing for cyber attackers, who have taken advantage of the situation to target victims with several malware campaigns.

Check Point has published new research showing that hackers are exploiting the COVID-19 outbreak to spread their own infections, which includes registering malicious Coronavirus-related domains and selling discounted ready-made malware on the dark web.

Malware tools are being sold on the dark web under special offers with the discount codes ‘COVID19’ or ‘coronavirus’.

There has been a huge increase in the number of malicious coronavirus-related domains registered since January. It was found that 0.8 percent of these domains are malicious (93 websites), and another 19 percent are suspicious (more than 2,200 websites).

A few of the tools available for purchase at a discounted price include “WinDefender bypass” and “Build to bypass email and chrome security.”

A hacking group called SSHacker is offering to hack into Facebook accounts at a 15 percent discount with the “COVID-19” promo code.

A seller known as “True Mac” is selling a 2019 MacBook Air model for just $390 as a “corona special offer.”

Coronavirus-themed Attacks

The number of coronavirus-themed attacks is also on the rise. These include several cyber-attacks against hospitals and testing centers, and phishing campaigns that distribute malware via malicious links and attachments and execute malware and ransomware attacks.

The Pakistani state-sponsored threat actor APT36 was found running a spear-phishing campaign using Coronavirus-themed document baits that impersonated health advisories to deploy the Crimson Remote Administration Tool (RAT) onto target systems.

North Korean hackers launched a malware campaign using booby-trapped documents detailing South Korea’s response to the COVID-19 epidemic as a lure to drop BabyShark malware.

A COVID-19-themed malspam campaign targeted the manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetic industries via Microsoft Word documents exploiting a two-and-a-half-year-old Microsoft Office bug in Equation Editor to install AZORult malware.

COVID19 Tracker, a fake real-time coronavirus tracking Android app, was found to be misusing user permissions to change the phone’s lock screen password and install CovidLock ransomware, which demands a $100 bitcoin ransom.

A phishing attack targeted students and university staff with bogus emails to steal their Office 365 credentials by redirecting unsuspecting victims to a fake Office 365 login page.

Comment-spamming attacks on websites contained links to a seemingly safe coronavirus information website but redirected users to suspicious drug-selling businesses.

In addition, a new spam campaign that claims to sell masks tricks recipients into paying for masks but doesn’t send anything.

It is evident that all these new exploits prey on people’s coronavirus fears, so people must protect themselves from falling victim to such attacks.

Be careful about emails received from unknown senders. Do not click on any attachments or links in an email you think is suspicious. Check the authenticity of the sender’s email address.

People must be careful not to use unauthorized personal devices for work, and should ensure that personal devices have the same level of security as a company-owned device.

Businesses must make sure that secure remote access technologies are implemented, including the use of multi-factor authentication for users working remotely.

Make sure to use trusted sources, such as legitimate government websites, for up-to-date, fact-based information about COVID-19.

