BackCybercriminals are exploiting coronavirus scare to distribute Emotet malware: report
The report says attackers are using different malware vectors. In Japan, Emotet malware hidden in span emails was their primary weapon of choiceIn Indonesia, Lokibot malware was widely distributed through spam emails
PremiumFollowing the Coronavirus pandemic in China and the interest it has generated around the globe, cyber criminals are targeting netizens with spam emails carrying malicious attachments, according to a February 18 report by Check Point, an Israel based cybersecurity firm.
The report found attackers using different malware vectors. In case of Japan, the notorious Emotet malware hidden in span emails was their primary weapon of choice. The emails were sent in the name of a Japanese welfare service provider working on informing people about cases of Coronavirus’ infection in Japan. Recipients of the email were encouraged to download an attachment to access the document, which would silently execute the Emotet malware on the PC.
In Indonesia, Lokibot malware was widely distributed through spam emails on how people can protect them against Coronavirus.
Researchers at CheckPoint also found a number of fraud websites which were using Coronavirus in their domain names to trick users into visiting their websites and then sell vaccines, face masks to protect them against Coronavirus.
Once such malicious website, named vaccinecovid-19\.com, was created on February 11, 2020 and registered in Russia. It offered a fast test for Coronavirus detection for 19,000 Rubles (approx Rs21,305).
Emotet is a self-propagating Trojan that is spread through phishing email carrying links to malicious sites, PDF or Word files. Originally used for banking scams, it is now being widely used to distribute other malwares. If the user clicks on the link or the attachments, a self-executable copy of Emotet malware is installed, opening the PC to more sophisticated attacks. Emotet can be used to steal sensitive information from the PC and send it to a remote command and control server.
To avoid detection Emotet uses evasive techniques such as using DLL (dynamic link libraries) which is a group of small programmes clubbed into modules linked to the programme instead of being compiled with the main programme.
Trickbot is also a banking Trojan which has been modified constantly to enhance its new capabilities, making it a very effective distribution vector.
Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!
