How fake coronavirus warning emails are spreading malware across Australia
With the outbreak of the coronavirus making headlines around the world, scammers are using the fear of the virus to trick people into installing malware onto their computers.
Attackers send unsuspecting victims an email with a warning that the coronavirus has been discovered in their neighbourhood, along with a fake attachment claiming to contain infection prevention advice. The fake attachment can be a word file, a video file or a PDF.
The fake attachment contains a variant of Emotet, a dangerous trojan that can steal banking details and other types of personal information. We’ve discussed Emotet and its capabilities before, and how it’s regarded as one of the most destructive types of malware out in the wild. Users who open the attachment are immediately infected with the trojan which often goes undetected by antivirus software.
Garret O’Hara, Mimecast’s Principal Technical Consultant, observes: “Attackers understand that it’s easier to exploit people in a climate of fear. A health scare like the coronavirus outbreak presents cybercriminals with a tempting opportunity to target people worried about their health.”
Since Emotet forwards itself to everyone on a victim’s contact list, more people will find seemingly legitimate emails coming from trusted sources, making them likely to open the attachments inside.
In October last year, the national Cyber Incident Management Arrangements (CIMA) increased the threat assessment of Emotet to "Level 3: Alert". Their designation of Level 3 falls under the "significant cyber incident" category, which can have a "major impact" on services, information, assets and government reputation. Since that time, Emotet had been downgraded to level 5, although it’s possible this could change in light of the latest coronavirus attacks.
Fortunately, keeping yourself protected is fairly straightforward: just avoid clicking suspicious links or attachments, even if they come from a trusted source. Keep your antivirus software updated and be sure to check the extension of the attached file before opening. Any attachments with unusual extensions like “.exe” or “.Ink” are likely to be fake and possibly dangerous.