For hackers who target Windows, the coronavirus pandemic is like Christmas come early. But what’s good news for them is bad news for you, piled onto all the other bad news wrought by the pandemic. Undeterred by the crisis — indeed, spurred to new heights by it — hackers have been coming up with a host of devious ways to use your natural fears in order to infect your Windows PC with malware and ransomware.

How bad is it? The security company Malwarebytes calls the pandemic “a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria — all while compromising victims with scams or malware campaigns.”

The hackers bent on doing this range from individuals looking to make as much fast money as possible to governments targeting their adversaries. Malwarebytes notes that government-sponsored hackers from China, North Korea, Russia and Pakistan are exploiting coronavirus fears in order to spy on their enemies. The group APT36, believed to be sponsored by Pakistan, uses spearphishing to trick people worried about the health of their loved ones into downloading a malicious Microsoft Office document that then infects a Windows machine with a remote administration tool (RAT) that lets hackers take control of the computer. The email purports to be an important health advisory about the novel coronavirus, and the downloaded document claims to be an advisory as well. The documents are almost laughably illiterate, containing sentences such as, “The outbreak of CORONA VIRUS is cause of concern especially where forign personal have recently arrived or will be arriving at various Intt in near future.”

But while the hackers’ grasp of English may be weak, their hacking bona fides are strong. The document drops a RAT on the victim’s machine, which can then steal private information, capture live screenshots and send it all back to hackers.

It’s not just government-sponsored hackers who are using coronavirus fears to hack into Windows machines. Forbes notes that millions of people in the U.S. and beyond have been getting similar coronavirus emails. The United Kingdom’s National Cyber Security Centre, part of the U.K.’s spy agency, warns that “criminals are exploiting coronavirus online—as cyber criminals seek to exploit COVID-19.” The World Health Organization cautions that cybercriminals have been sending emails purporting to be from it — emails that can infect people’s machines if their links are clicked upon or their attachments downloaded. Similar emails claim to be from the U.S. Centers for Disease Control and Prevention.

Entire industries are under attack from hackers using these types of Windows-based coronavirus scams and hacks. The security company Proofpoint found that coronavirus-themed ransomware and Trojan cyber-campaigns have targeted U.S. healthcare, manufacturing and pharmaceuticals industries. Proofpoint warns, “To date, the cumulative volume of coronavirus-related email lures now represents the greatest collection of attack types united by a single theme that our team has seen in years, if not ever. We’ve observed credential phishing, malicious attachments, malicious links, business email compromise (BEC), fake landing pages, downloaders, spam, and malware, among others, all leveraging coronavirus lures.”
