Coronavirus-related domains are 50% more likely to be malicious than other domains registered in the same time period.

Since the beginning of January, during the period where initial coronavirus outbreaks were being reported, over 16,000 new coronavirus-related domains have been registered.

In the past three weeks alone (since the end of February 2020),  researchers from Check Point Software Technologies have noticed a huge increase in the number of domains registered—the average number of new domains is almost 10 times more than the average number found in previous weeks.

Of these domains, 0.8% of were found to be malicious (93 websites), and another 19% were found to be suspicious (more than 2,200 websites).

In the last week, more than 6,000 new domains were registered—an 85% increase compared to those in the week before.

Coronavirus domains registered weekly

Immediately following the news of the Covid-19 outbreak, cybercriminals started using global media interest as a cover to spread their malicious activity. The graph below shows the trend line of the overall search for coronavirus by Google Trends, compared to the trends that researchers observed in social media discussions on COVID-19 cybersecurity and cybercrime.

Hackers view this pandemic as a great opportunity to accelerate their business. Special offers by different hackers promoting their “goods”—usually malicious malware or exploit tools—are being sold over the dark net under special offers with “COVID19” or “coronavirus” as discount codes, targeting wannabe cyber-attackers. Here are some examples:


“CoronaVirus Discount! 10% off ALL products”—and no, this is not for fashion merchandise, nor this is for a new smart watch.  Some of the “goods” available to purchase at special rates include “WinDefender bypass” and “Build to bypass email and chrome security.”

In the following example, researchers found a group of hackers that go by the name of SSHacker, who describe themselves as “dedicated to providing the best hacking services since 2005” and who are now offering the service of hacking into Facebook accounts at a discounted rate!

15% off with COVID-19 code

It does not stop there. Of course there are many fake online ‘sales’ offering premium goods at unbelievable prices. A seller that goes by the name of “True Mac” offers the “most-loved Mac” model—MacBook Air—at the fantastic price of US$390 as a “corona special offer”.  As the old expression puts it, if it sounds too good to be true, it probably is.

As always, be very wary of any website that offers “once-in-a-lifetime” deals no matter how authentic looking it is. To avoid falling victim to online scams, be cautious with emails and files received from unknown senders, especially if they are offering special deals or discounts. Never open unknown attachments or click on links in emails, and ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead, Google your desired retailer and click the link from the Google results page.

Remember that as well as washing your hands regularly, it is important to keep up your cyber-hygiene, too.