Search This Blog

Showing posts with label Coronavirus scams. Show all posts

Emotet Malware Returned with Massive Malspam Campaign


The Emotet authors are popular for capitalizing on trending events and holidays by disseminating customized templates in form of Christmas and Halloween gathering invites, similarly, the malicious gang has started a new campaign taking advantage of the ongoing global pandemic. They are once again spamming corona virus-related emails to U.S businesses.

Earlier this year, in the month of February, the Emotet malware was being spread actively in pandemic ridden countries via COVID-19 themed spam. However, regarding the US businesses, the malware never had the timely chance to attack by exploiting the pandemic, as the virus encapsulated the USA in the month of March. After disappearing in February, Emotet was seen to be back stronger than ever on July 17th, 2020.

Originally designed as a banking malware, Emotet Malware was first discovered by security researchers in the year 2014, but, the threats by Emotet have constantly evolved over the years. It attempts to sneak onto the victim’s system and acquire personal information and sensitive data. Emotet uses worm-like capabilities that help it spreading itself to other connected PCs. With added functionalities to avoid detection by anti-malware software, Emotet has become one of the most expensive and dangerous malware, targeting both governments as well as private sectors. As per recent sources, Emotet also delivers third-party payloads such as IcedID, Qbot, The Trick, and Gootkit.

Emotet has been pushing malspam continually employing the same strategies the authors did in their previous array of attacks. The spam mail consists of an attachment or a link, that on being clicked, launches the Emotet payload. In this particular COVID-19 themed Emotet spam targeting U.S organizations, the malware has been sending an email that appears to be from the ‘California Fire Mechanics’ reaching out with a ‘May Covid-19 update.’ One important thing to note here is that this email is not a template designed by the Emotet authors, but instead, an email stolen from a prior victim and appropriated into the Emotet’s spam campaigns. The malicious attachment linked in this case is titled ‘EG-8777 Medical report COVID-19. Doc’. It makes use of a generic document template that had been used in older campaigns. Once downloaded on the user’s click, the Emotet gets saved to the %UserProfile% folder under a three-digit number (name), such as 745.exe. Upon execution of the same, the user’s computer will become a part of the operation, sending out further infected emails.

While alerting on 17th July, researchers at Microsoft told,“We have so far seen several hundreds of unique attachments and links in tens of thousands of emails in this campaign,”

“The download URLs typically point to compromised websites, characteristic of Emotet operations.” They further wrote.

Emotet expert Joseph Roosen told to BleepingComputer, "So far we have only seen it as part of stolen reply chain emails. We have not seen it as a generic template yet but I am sure it is just around the corner hehe. There was one reply chain I saw yesterday that was sent to 100s of addresses that were referring to the closing of an organization because of COVID-19. I would not be surprised if Ivan is filtering some of those reply chains to focus on ones that are involving COVID-19,"

Number of fake delivery services increased in Russia


Alexander Vurasko, a leading Infosecurity analyst at Softline Company, said that during the pandemic, scammers learned how to qualitatively fake food and electronics delivery sites.  Over the past four months, 56 clones have appeared at Delivery Club, and at least 30 at Yandex.Food. Companies try to quickly block such resources, but they do not always succeed.

The expert noted that the peak of the appearance of such Internet resources was recorded in April.

In addition to food sites, experts found fake Samsung online stores and Citilink online electronics hypermarket.

These sites almost completely copy the original ones: they have a catalog with hundreds of items, users can choose a restaurant, order dishes, enter the delivery address and pay for the order with a Bankcard.

Alexei Drozd, head of the information security department at SerchInform, noted that in April, the use of the delivery theme in the domain name increased: if in February there were 53 domain registrations with the word delivery, then in April — 288. According to him, this means that a high-quality Grabber has appeared on the Darknet,  a program that can reliably copy the look and content of the site.

Fraudsters actively used such software, but it is more difficult to copy marketplaces with a complex structure than a regular website, and if they already succeed, then we should expect new large phishing waves, warns Mr. Drozd. According to him, phishing sites live up to the first complaints from users or copyright holders, so it is important that companies themselves fight phishing.

Moreover, on the fake Delivery Club, after entering the card data, users need to enter the code from the SMS, so it can not be excluded that at this moment "someone links their number to your mobile Bank", noted the Telegram channel In4security, which discovered such a resource.

Kaspersky Lab also noticed sites that mimic well-known food delivery services. Hackers always use popular brands, says Tatiana Sidorina, a senior content analyst at the company.

Is a cyber pandemic looming over our heads?


The year 2020 is proving to be quite a hassle and the adversities don't seem to be slowing down. COVID-19 has already created atypical conditions of living with complete lock-downs and travel restrictions. We would like to think that after COVID-19, when the vaccine will come everything would return to normal and things would go back to the way they were. It's a comforting thought but quite far from the truth.


It seems that COVID like incidents would become the new normal, the world is not as invincible as we thought. The modern world is prone to disasters, pandemics, and environmental catastrophes. And the next mishap staring us in the face is a cyber pandemic. Security researchers have predicted that a “Cyber Pearl Harbor” or “Cyber 9/11” is inevitable. These assumptions disappeared with time due to lack of evidence but in the wake of COVID-19 doubts like these are resurfacing.

The Check Point CEO warns “that the new reality created by the coronavirus pandemic will cause threats in the cybersecurity field to rise, and that countries need to protect themselves against the coming ‘cyber pandemic.’ “What happened in the last three months pushed forward five, maybe even 10 years of technological evolution,” he says. “More services moved online; companies removed barriers. We allowed developers to work just from within the company physically, so we could keep our intellectual property.  In one day, we had to change all of that and allow people to access from home. This rapid change means hackers will find a way. The hackers can find a way to hack a personal computer of an employee and through them get into our Crown Jewels.”

Though the World Economic Forum gives a ray of sunshine saying that this corona pandemic has thought us how to fight off and prepare for the "inevitable global cyberattack". A good thing out of this pandemic is that it teaches us about cybersecurity and the measure of the impact a massive attack would have to better prepare ourselves for this sort of assault.

 The World Economic Forum states three lessons-
  •  Speed of the attack

They predict that a cyberattack would spread exponentially faster than any biological virus. The RO (reproductive rate ) of COVID-19 is two to three whereas the 2003 Slammer/Sapphire worm (fastest worm) doubled every 8.5 seconds.

  • The Economic Impact 

World Economic Forum says that the digital economic shutdown will put a similar dent, which may be greater to the economy as the one currently. The only way to prevent the spread of the digital virus would be to shut down systems and machines to break the chain and one day without internet would cost the World a loss of 1 billion dollars.

  •   Recovery 

The recovery would no doubt be challenging in both measures - to replace the infected devices and damage recovery.

But there are learning to be taken from COVID-19 that these sorts of attacks can happen and to be better prepared for them. Effective communication, coordination among private and public sectors, and a substitute for digital work will go a long way to battle the upcoming cyber pandemic.

Google Is All Set To Fight The Coronavirus Themed Phishing Attacks and Scams


These days of lock-down have left cyber-criminals feeling pretty antsy about “working from home”. Not that it has mattered because apparently, that is why the number of cyber-crime cases has only hiked especially the Phishing attacks.

This has gotten Google working on its machine-learning models to bolster the security of Gmail to create a stronger security front against cyber-criminals.

Given the current conditions, the attackers seem to have a morbid sense when it comes to the themes of the Phishing attacks, i.e. COVID-19. Reportedly, 18 Million such attacks were blocked in a single week. Which amount up to 2.5% of the 100 Million phishing attacks it allegedly dodges every day.

Google, per sources, is also occupied with jamming around 240 Million spam messages on a daily basis. These phishing attacks and spams at such a worrisome time have impelled Google and Microsoft to modify their products’ mechanisms for creating a better security structure.

Reportedly, the number of phishing attacks, in general, hasn’t risen but in the already existing number of attacks, the use of COVID-19 or Coronavirus seems to have been used a lot.

Malware and phishing attacks, especially the ones related to COVID-19 are being pre-emptively monitored. Because being resourceful as the cyber-criminals are the existing campaigns are now being employed with little upgradations to fit the current situation.


A few of the annoying phishing emails include, ones pretending to be from the World Health Organization (WHO) to fool victims into making donations for VICTIMS to a falsified account.

Per the intelligence teams of Microsoft, the Coronavirus themed phishing attacks and scams are just the remodeled versions of the previous attacks.

The attackers are extremely adaptive to the things and issues that their victims might easily get attracted to. Hence a wide variety of baits could be noticed from time to time.

During the lock-down period of the pandemic, health-related and humanitarian organizations have been extensively mentioned in the scams and phishing emails.

Per sources, the Advanced Protection Program (APP) lately acquired new malware protections by enabling Google Play Protect On Android devices to some specifically enrolled accounts.

Allegedly, users trying to join the program with default security keys were suspended, while the ones with physical security keys were still allowed to be enrolled.

All the bettered security provisions of Google shall be turned on by default so that the users can continue to live a safe and secure life amidst the pandemic.