More than a year into the COVID-19 pandemic, cyber criminals are still taking advantage of the situation by launching COVID-19 related malicious campaigns. This isn’t particularly surprising seeing as the coronavirus and the resulting pandemic have been the dominating topic in news all over the world, and when something is such a big topic for such a long time, it’s only a matter of time before malicious actors start taking advantage of it. 
In the span of a year, coronavirus-themed malicious campaigns have evolved from merely having the word “COVID-19” in them to sophisticated campaigns mentioning vaccines, stimulus checks, job opportunities, etc. There’s coronavirus-themed malware for both computers and mobile devices, phishing and malware emails, malicious sites, and even extortion attempts. Overall, cyber criminals are using the name in anything they can. There’s even malicious email campaigns that threaten to infect the user with COVID-19 if a payment is not made.
We invite the reader to familiarize themselves with the coronavirus-themed malicious campaigns.
COVID-19 themed malicious campaigns
- Phishing and malware emails inviting to register for vaccines or fill in post-vaccine surveys.
Now that COVID-19 vaccines are more widely available for many people, cyber criminals have started using it to their advantage. Vaccine-themed phishing emails have been particularly common in recent months, with malicious emails inviting people to register to get a vaccine or fill in a post-vaccine survey. Just recently, the US Department of Justice (DOJ) warned that an ongoing phishing campaign is inviting users to fill in a post-vaccine survey to win a prize. This particular scam not only tries to get users to reveal their personal information but also to pay for shipping of the items they have supposedly won by filling in the survey.
“Consumers receive the surveys via email and text message, and are told that, as a gift for filling out the survey, they can choose from various free prizes, such as an iPad Pro. The messages claim that the consumers need only pay shipping and handling fees to receive their prize. Victims provide their credit card information and are charged for shipping and handling fees, but never receive the promised prize. Victims also are exposing their personally identifiable information (PII) to scammers, thereby increasing the probability of identity theft,” the DOJ statement reads.
Another COVID-19 vaccine phishing campaign pretended to be UK’s National Health Service and invited unsuspecting users to register for the vaccine. The campaign was rather sophisticated, especially considering it wouldn’t be particularly unusual to receive such an email from the legitimate NHS during such a time. The information that was requested was quite extensive and included first name, surname, date of birth, mother’s maiden name, address, mobile number, credit card information and banking data. Judging by the fact that it requested a mother’s maiden name, it wasn’t merely phishing information for later scams, it was also gathering data to get into accounts, as the name is often used as a security answer when requesting a new password. The request to provide payment card and banking information is a dead giveaway in these kinds of situations, as there is no reason why the NHS would need it.
Similar malspam campaigns have also been noted to distribute malware instead of just phishing for information. These kinds of emails may claim that an attached file contains important information about vaccines or COVID-19 in general. Once the malicious file is opened by unsuspecting victims, the malware would initiate. Most commonly, it’s trojans and ransomware infections that spread this way.
- COVID-19 themed malicious sites.
Scammers and malicious actors also saw an opportunity to make money in selling fake COVID-19 medication, “miracle cures”, and later – vaccines. There were also more ridiculous attempts to scam people, such as the “corona anti-virus”, a mobile app that, while running, will supposedly actively protect the user from becoming infected.
More realistic scams involved users clicking on links in emails, comment sections, fake news articles, forums, etc., and being taken to scam websites that sell fake medication. The sites promoting these scams may be made to look professional, display fake articles and offer particular medicine that would supposedly effectively fight COVID-19. Users would pay hundreds of dollars for this medicine, only to receive nothing in return. These scams take advantage of the most vulnerable people, during a time where many people are desperate to try anything to help themselves and their loved ones. Thus, it’s not particularly surprising that people do fall for these scams, without considering that if the advertised “miracle cures” did exist, they would be used to treat patients everywhere and not sold on unknown websites in secret.
Many phishing websites were also created, especially ones posing as government sites. For example, some sites would claim that users are eligible to receive some kind of financial aid due to COVID-19. The sites would ask that users provide their personal and payment card information, and if users fall for this, the information would be sent to the cyber criminals operating this scam. These scams are especially common in countries where governments actually offer stimulus checks and financial assistance to its citizens, as it’s easier to trick people who know that they are indeed eligible to receive money from the government. Users get redirected to these websites from forum posts, comments, social media, etc.
- COVID-19 themed ransomware.
Ransomware authors also took the chance to use the name COVID-19 in their malicious campaigns. Early on in the pandemic, a new ransomware known as CoronaVirus was being distributed via a fake system optimization program Wise Cleaner. Users who encountered the program and visited its website to download it instead ended up infecting their computers with the CoronaVirus ransomware. If users downloaded the WSGSetup.exe file from the malicious site, they would also infect their computers with a password-stealing trojan Kpot, in addition to the CoronaVirus ransomware. Once the ransomware was initiated, it would proceed to encrypt personal files and demand money, while the Kpot trojan would steal login credentials.
Cyber criminals also targeted mobile devices with COVID-19 themed malware. One example is a malicious Android app that was advertised as a tracker for COVID-19 cases but was actually a mobile ransomware called CovidLock. The locker would lock the device, preventing users from accessing it. It demanded $100 to be paid in Bitcoin within 48 hours of infection. The locker also threatened to delete the data on the device, as well as leak social media account details.
- Extortion scams threatening to infect users with COVID-19.
Sextortion scammers also changed their tactics and started sending out coronavirus-themed extortion emails. The usual sextortion scams would claim that the victim’s device has been infected with malware that allowed the malicious actor to have control over the device. The scammer would further say that the victim has been filmed watching pornographic content and the video will be sent to all of their contacts if a payment (usually a couple of thousand dollars) is not made. However, the whole thing is merely a scam and there is no video, nor malware on the device.
It did not take long for scammers to make their extortion scams COVID-19 themed, though the attempts were quite poor. The scam email would start off by claiming that they know everything about the victim, including their location, and then proceed to threaten to infect them and their family with COVID-19 unless a payment is made. Depending on the scam, the requested sum may differ, asking for somewhere between $500 and $4000. While the sextortion scams are somewhat believable, particularly by more susceptible users, the COVID-19 themed ones are outright ridiculous.
Defending against COVID-19 themed malicious campaigns
Since these coronavirus themed malicious campaigns aren’t actually any different from the regular ones, it’s enough to just use regular precaution.
- Users should be extra cautious when dealing with unsolicited emails, particularly if they contain attachments.
Because malware often spreads via emails, it’s especially important that users are always cautious when it comes to unsolicited emails that have links and/or attachments. All email attachments should be scanned with anti-virus software or VirusTotal before being opened. And before pressing on links, users should always hover over them with their mouse to see where they would actually be taken to.
- Users should research online stores before purchasing anything.
When browsing an unfamiliar online store, it’s very important that users do adequate research before purchasing anything. At the very least, checking the store’s name with a search engine is a good idea. Users should check for reviews, social media presence, and the sites where users can report scams. If anything suspicious about an online store comes up, it’s better to avoid it than risk paying for something that will not be sent and giving away payment information to potential cyber criminals in the process. And users should keep in mind that sites that advertise “miracle cures” and COVID-19 vaccines are outright scams and users should never buy anything from them.
- Users should have anti-virus software installed on their computers.
Having anti-virus software installed on a computer is extremely important because it would not only detect malware that’s present on the device but also stop an infection when it’s trying to get in. A reliable anti-virus program that has ransomware protection would be able to prevent ransomware from encrypting files and get rid of the infection before it can do any damage. A lot of anti-virus programs also have a feature that informs users when they’re about to enter a website that’s known to be malicious/phishing. This could save many people from becoming victims of phishing attacks.
- Users should be very cautious about typing in their login credentials.
Phishing campaigns can be very sophisticated in some cases, and that is why it’s very important that users pay close attention to sites they type their login credentials on. The most obvious giveaway is the site’s URL, as phishing sites can be made to look identical to legitimate ones but the URL will always give it away. So when users are asked to type in their login credentials, they should always first check whether the URL is correct.