Malware Posing as New Coronavirus Information Spreads Online, Exploiting Fears About Global Outbreak

Internet users are being targeted with malware posing as health information about the new coronavirus, as hackers exploit fear about the outbreak to infect devices.

China's Computer Virus Emergency Response Center said this week malware was circulating via email and the social networking platform WeChat, with suspicious files named "coronavirus.exe" and "novel coronavirus pneumonia.exe," the state-run Xinhua News Agency reported.

The state news outlet did not reveal what type of malware was discovered, but noted it could be used to steal data or remotely-control devices.

Cybersecurity experts say it is not surprising to see hackers or criminals use global events as a lure when trying to spew out malicious software.

Indeed, multiple phishing campaigns using the coronavirus have been spotted in recent weeks, showing the schemes are not limited to China.

Threat intelligence researchers from IBM X-Force recently discovered malware-ridden emails were trying to lure victims by claiming to offer ways of preventing being infected by the virus, which has claimed hundreds of lives.

If the user clicked on the attachment they risked infection with a trojan called "Emotet," a notorious piece of software that can download additional malware to an infected computer. It was aimed at Japanese users, but the campaign had the potential to spread, the team said.

Researchers wrote: "We expect to see more malicious email traffic based on the coronavirus in the future, as the infection spreads. This will probably include other languages too."

"In these first samples, Japanese victims were probably targeted due to their proximity to China. Unfortunately, it is quite common for threat actors to exploit basic human emotions such as fear—especially if a global event has already caused terror and panic," the analysis added.

A deep-dive into Emotet has been conducted by Malwarebytes. The firm said the software is able to evade detection by some anti-malware products and can spread to other connected computers. It first surfaced in 2014 and was used to steal banking information before being upgraded.

But evidence suggests it's not the only malware currently in town.

Russian cybersecurity company Kaspersky said its researchers also found examples of malware being disguised as PDF, MP4 and DocX file formats. File names suggested that they include virus protection instructions, threat developments and detection techniques, a blog post noted.

"We've only identified ten unique files, but since this type of activity is common to popular media topics, we expect this number to increase," said malware analyst Anton Ivanov.

"As people continue to worry about their health, fake documents that are said to educate them about the coronavirus may be spreading more and more malware," Ivanov added.

In January, phishing emails claimed to hold information about the U.S. virus response from the Centers for Disease Control and Prevention (CDC), KnowBe4 reported.

Researchers from Mimecast also found a malware campaign posing as safety tips, according to Wired. "Go through the attached document on safety measures regarding the spreading of corona virus. This little measure can save you," a bogus email read, alongside a booby-trapped link.

The graphic below, provided by Statista, illustrates where coronavirus has been confirmed around the world.

coronavirus, cases, countries, 2019-nCoV
An infographic showing the confirmed number of cases of 2019-nCoV around the world. Getty

The coronavirus outbreak has resulted in more than 490 deaths and more than 24,500 confirmed cases, according to a dashboard being maintained by Johns Hopkins University. The virus was declared a global health emergency by the World Health Organization on January 31.

The U.S. state department has a "do not travel" order in place in relation to China, saying that any citizens in the country should now "attempt to depart by commercial means."

"We strongly urge U.S. citizens remaining in China to stay home as much as possible and limit contact with others, including large gatherings," the agency said.

"Consider stocking up on food and other supplies to limit movement outside the home. In the event that  the situation deteriorates further, the ability of the U.S. Embassy and Consulates  to provide assistance to U.S. nationals within China may be limited," an official advisory continued.

Coronavirus - Beijing Railway Station
Passengers wearing facemasks arrive from different provinces at the Beijing Railway Station on February 1, 2020. NOEL CELIS/AFP/Getty
Malware Posing as New Coronavirus Information Spreads Online, Exploiting Fears About Global Outbreak | Tech & Science