Hackers are jumping on the COVID-19 pandemic to spread malware

If there’s one thing certain during a pandemic, it’s that hackers will use it for their own gain.

Don’t be too surprised. Every time there’s a major news story, a world event or even regular national events like tax preparation season, hackers jump at the chance to take advantage of the uptick in chatter to launch attacks against unsuspecting victims.

As it turns out, the COVID-19 pandemic isn’t any different.

Several cybersecurity firms are reporting an uptick in attacks against a range of targets, all using the ongoing COVID-19 pandemic as a hook to hoodwink their victims into running malware. It comes as large portions of the globe are on lockdown amid the outbreak of the coronavirus strain. The World Health Organization said as of Thursday’s situation report that the coronavirus has resulted in 125,000 confirmed cases and 4,613 deaths.

FireEye said it has seen an uptick in targeted spearphishing campaigns from hackers in China, North Korea and Russia, to deliver malware. Ben Read, a senior manager in FireEye’s intelligence analysis unit, said all of the campaigns it has witnessed have leveraged the coronavirus as a lure to compromise their victims’ computers.

Recorded Future has also observed a number of cybercriminals using the coronavirus to spread a number of different types of malware against targets in the U.S., Europe and and Iran — three areas most affected by the COVID-19 outbreak outside of China, where the new coronavirus strain first emerged. The researchers found that some of these campaigns imitate “trusted” organizations like the World Health Organization and the U.S Centers for Disease Control and Prevention to infect their victims.

And Check Point, which last month found a number of coronavirus-themed disinformation campaigns, now says it has found a new malware campaign leveraging the fear of the outbreak to surreptitiously install a powerful remote access trojan designed to take full control of a victim’s computer.

But researchers say that attackers aren’t just using the coronavirus as a cover for spreading malware.

Email security firm Agari told TechCrunch that it has evidence of what appears to be the first case of a coronavirus-themed business email compromise attack, designed to trick businesses into turning over money.

While Agari said it has seen several coronavirus-related emails used to deliver spam, steal credentials and infect victims with malware, the company said it has seen a threat group it calls Ancient Tortoise using spoofed emails in an effort to trick a victim company’s customers to pay an outstanding balance but to a different bank than usual, “due to the coronavirus outbreak.” The different bank is a mule account based in Hong Kong, said Agari researchers.

As governments and companies scramble to contain the pandemic, security researchers are trying to better understand and detect the current spike in malware. And as long as the threat from the coronavirus remains, so will the risk from hackers.