Plus news about an Android-phone sextortion ransomware called COVID-19 tracker that victims wish they never downloaded.
As usual, cybercriminals are abusing the World Health Organization logo, using the global agency’s credentials to trick people into donating Bitcoin funds.
According to Sophos security expert Chester Wisniewski: “As people’s fear and desire to do something about COVID-19 is dominating the news, it is also being exploited in every way by online criminals. First, Sophos noticed phishing attackers using the World Health Organization (WHO) as a lure. Next, numerous malware gangs began to disguise their malicious wares as COVID-19-themed documents. Now, we are seeing cyberattackers impersonating WHO charities, this time the COVID-19 Solidarity Response Fund. These emails are fake, but very real looking and take advantage of new and until recently unheard of charitable organizations.”
The tell-tale clue is the request for Bitcoin rather than credit cards or other currencies. Due to the ability to trace and stop real wire transfers and credit cards, criminals prefer to rely on crypto-currencies to attempt to preserve their anonymity and freedom and the Bitcoin payment request seen here is a sign that something isn’t right about this email.
“We haven’t seen the novel nature of this attack before— impersonating charities around COVID-19. Any time the public’s interest becomes fixated on a topic, scammers, spammers and malware authors latch on to the news and are determined to find a way to exploit the opportunity. We’ve seen this type of activity in the past, but rarely is the whole world so focused on one thing, making this chance to develop scams a little too good to be true for cybercriminals,” added Wisniewski.
Almost all types of malicious online activity Sophos typically observes now has in one way or another taken advantage of a COVID-19/Corona theme. There are limitless quantities of spam pitching expensive guaranteed Corona-proof masks, videos on how to construct your bunker and other “guides” to keeping your business or family safe. Sophos researchers have also seen common email-borne malware families like Fareit and Trickbot sending malicious emails under the guise of Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO) themes.
“Let’s be clear. If you want advice from those who truly know what is happening, visit the website of your local health authority or ministry of health. Make a bookmark in your browser for the *real* WHO website at https://www.who.int, and if you really want to make a financial contribution to those helping us stay safe in this fight, do not send Bitcoin, but go to the official website for the COVID-19 Solidarity Response Fund at https://www.covid19responsefund.org/,” reiterated Wisniewski.
On a related topic, Sophos has also released a detailed article about how an Android malware uses coronavirus for a combo of sextortion and ransomware. It plants a creepy app called ‘COVID 19 TRACKER’ that offers to “Track Real-Time Coronavirus Outbreak in your Street, City and State”, and says it will “Get Real-Time Statistics about Coronavirus outbreaks around you in over 100 countries. However, if you are keeping your eye out for giveaway mistakes, it actually says outbreak aroud you, an error both of grammar and spelling.
Unlike most scams that come through via phishing emails, this is done via an app, and it is important we remain vigilant, especially during difficult times like these, said Wisniewski.