COVID-19 themed phishing campaigns continue to prey on pandemic fears | SC Media
Strategy, Threat intelligence, Threats, Malware

COVID-19 themed phishing campaigns continue to prey on pandemic fears

February 27, 2021
Threat actors continue to prey on the public’s fears of the COVID-19 pandemic by conducting malware activities disguised behind COVID-19 safety measure documents, according to BleepingComputer. Researchers at Cybaze/Yoroi ZLAb previously reported receiving a CoronaVirusSafetyMeasures_pdf.exe executable that is likely spread as an email attachment in phishing campaigns. The executable turned out to be a Remcos RAT dropper with persistence capabilities and the ability to log the user’s keystrokes. Other researchers also reported emails spreading around that are purported to be from the Ministry of Health of the People's Republic of China with emergency COVID-19 regulations in English but are actually the Lokibot information stealer malware. The MalwareHunterTeam collective also unveiled a COVID-19 themed document claiming to be from the Center for Public Health of the Ministry of Health of Ukraine with malicious macros that enable threat actors to perform clipboard stealing, screenshotting and keylogging on victims. The World Health Organization recently warned of phishing attacks impersonating the organization that were designed to steal information.
Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.

prestitial ad