BE AWARE: COVID-19 related cyber-attacks rocket upto 30,000%

The worldwide lockdown has resulted in shifting most of our real life activities into the digital space. And hackers has not missed the opportunity to take advantage of the current situation. They are using cornavirus and related topics to misappropriate money and personal data of credulous users. According to Zscaler (the company specializes in cloud data protection), the number of cyber-attacks related to coronavirus amounted to 1200 cases in January. In just three months that is in March, this number jumped up to 380,000 cases. Below we are sharing the common COVID-19 related cyber fraud schemes which were detected by Zscaler TreatLabZ in its cloud service.

New coronavirus-related websites

Despite the fight of state governments against misinformation about the novel coronavirus, new websites continue to appear. Cybercriminals are registering new domains containing COVID-19 related words and topics. The most popular among them are “mask”, “test”, “kit”, “safe”, “Wuhan” (name of the city in China where the first case of human coronavirus was detected) and some others. As these websites are new, it takes time to analyze them an put on the list of suspicious domains. And this time becomes “golden” for hackers.

As for the number, in January such suspicious website count was 3223, while March witnessed the rise upto 96743.

Spear-phishing (scam) emails from trustworthy corporations

Coronavirus outbreak has urged many companies to switch to work-from-home mode. And this situation is also being misused by the cybercriminal. They launch emain campaigns designing messages as if they are sent from your company or any other trustworthy oraganization which you can relate to. Such messages often contain links leading to pages of  third-party websites but designed as turstworthy ones. On these pages users are offered to fill up a form with their personal data under the pretext of some corporate testing or getting some benefit.

Scam emails also may:

  • offer to get government relief payments due to lockdown and as a means of support during coronavirus outbreak;
  • ask for donations;
  • ask for crowd funding and financial support of COVID-19 rerlated causes.

Cyber villains even use CAPTCHA to make their forms look legitimate and to “avoid detection by security crawlers”.

Trojan-contaminated PowerPoint documents

This scheme of cyber-attack was detected in Brazil. Users received email with a PowerPoint documents which was said to contain a list of coronavirus infected hotels. Once the file was opened, the user’s machine became contaminated with Trojan virus. The virus collected system information and personal data of the user and sent it to the server of cybercriminals.

Malware softwares

Another frauding scheme targeted at those who has to work or study from home. The increase in use of online conferencing softwares has been not missed by cybercriminals. Companies, schools and institutes turn to virtual private networks (VPN) in order to protect the sharing data. Along with this, hackers are spreading malware softwares disguised under legitimate VPN clients.

Compromised online stores with skimmer JS code

In order to support their business during the lockdown many offline stores had to start seeling online. Under the necessary observation of social distancing contctless delivery requires to make online payments. Such new online stores (especially small grocery shops), at times, are not well aware of cyber protection and security. Therefore they become easy targets of cyber intruders.

How does the skimmer JS (JavaScript) code work? Once you open a payments page, the code adds a form where you have to enter your personal data including your bank card information. At the moment of submitting the form (cilcking button “Pay”), your data along with your payment is transferred to the account of cyber criminals instead to that of the store.

Ransomware mobile apps

Malicious apps are distributed through new websites disguised under ligitimate platforms. For instance, one website offered users to download a COVID-19 tracking application. It promised to keep users updated on the spread of coronavirus in the world and alarm them whenever they appear to be close to a coronavirus-infected person. In fact, when the application got installed, the user’s mobile was locked. The application showed a message demanding to transfer a particular amount to unlock the device.

Another malware application played on the shortage of face masks. The cyber villains promised users to send a corona safety mask if they install the app. However, instead of a mask, the cheated users were robbed off their contact data. The app then used their contact lists to send SMS containing a download link. Like this the app was spreading information about itself. Such mobile virus is known as SMS Trojan.

Forewarned is forearmed. We hope this information is useful for you. Be safe while staying home, do not let evil minds to trick you in the digital space.


Cover image: vectorpouch