Security Strategy, Plan, Budget

Coronavirus news being used to sneak malware past AV programs

In an effort to make malware appear legitimate and help it sneak past security software, groups using two well-known trojans are inserting news text from Coronavirus stories into their file descriptions.

Padding malware with fake news is not new but Bleeping Computer has found Trickbot and Emotet now being used in conjunction with stories associated with the pandemic. The attackers embed the news snippets in the malware’s description file, said Lawrence Abrams, Bleeping Computer’s CEO.

This tactic has been used in the past with news centered on President Trump’s impeachment trial being used as late as January 2020 for the same purpose.

The switchover to COVID-19 content took place about a month ago.

The overall efficiency of this tactic is not known, but researchers believe it could fool security software variants dependent upon artificial intelligence and machine learning

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.