Emails and websites promise info about the pandemic. In reality, they’re shams.
Emails and websites are promising vital information about keeping safe from the coronavirus pandemic that’s sweeping the globe and threatening millions. In fact, a flood of them are scams that push malware, ransomware, and disinformation; attempt to steal passwords and personal information; and conduct espionage operations by hackers working for nation-states.
One of the most recent coronavirus hoaxes to come to light is an Android app available at coronavirusapp[.]site. It claims to provide access to a map that provides real-time virus-tracking and information, including heatmap visuals and statistics. In fact, a researcher from DomainTools said, the app is laced with ransomware.
“This Android ransomware application, previously unseen in the wild, has been titled ‘CovidLock’ because of the malware’s capabilities and its background story,” DomainTools researcher Tarik Saleh wrote in Friday’s report. “CovidLock uses techniques to deny the victim access to their phone by forcing a change in the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before on Android ransomware.”
CovidLock charges about $100 in bitcoins to unlock infected devices. Since version 7, Android has provided protection against screen-lockout attacks, but only if users have set a password to lock their device screens to begin with. DomainTools researchers have reverse engineered the ransomware and plan to release decryption keys that will unlock phones for free. DomainTools didn’t say how many devices have been infected.
People pushing phishing scams are also capitalizing on the pandemic. One batch of emails sent to college students poses as official communications from university personnel offering bogus updates about closures and other coronavirus-related news. A variation of this type of email purports to come from employers and targets people who are working from home. In reality, both scams provide links to fake OneDrive or Office365 login screens that capture user credentials.
Yet another phishing scam appears to come from the World Health Organization. According to researchers from security firm Kaspersky Lab, the emails promise information on safety measures to avoid infection. Recipients who click on an embedded link visit a site that prompts them to share personal information. The scam looks more realistic than previous coronavirus phishing campaigns Kaspersky Lab has found. The firm found other scams that claimed to offer face masks and included malware attachments.
Nation-states are also milking the coronavirus scare. According to security firm FireEye, hackers working for the governments of China, Russia, and North Korea are using virus-related content to conduct espionage operations.
Researchers from Sophos, meanwhile, have identified dozens of malicious websites with domains that reference COVID or COVID-19, the disease caused by the coronavirus.
Online scams that are tailored to major news events have been around for more than a decade. Normally, however, they tend to morph relatively quickly from one breaking event to another. With the coronavirus commanding an almost unprecedented amount of coverage around the world, these latest campaigns have been nothing short of a flurry of attacks that show no signs of slowing down.
Readers should be highly skeptical of emails and websites that purport to provide information or goods related to the ongoing pandemic. The key fact to confirm is the primary source of those communications. Readers should never take source claims at face value. One of the most reliable sources for legitimate coronavirus-related information is this page from the US Centers for Disease Control and Prevention. Communications from local departments of health can also be helpful, but only when the emails or websites can be confirmed as coming from a legitimate agency. These departments can usually be found through Web searches—for instance, the San Francisco Department of Health.
This article was originally published on the Ars Technica website.