The World Health Organization (WHO) is among the premiere sources of up to date and accurate information on COVID-19 so it is now surprise cybercriminals are leveraging this for their benefit.
Malwarebytes has found a new phishing campaign using the well-respected WHO name as a lure to trick people who are rightfully fearful of Coronvavirus into downloading a fake e-book that carries an infostealer. The e-book, named My-Health, is advertised to contain information to protect children and business from the virus.
The body of the email (see below) is visually compelling but does contain clues that it is not legitimate. The typos include incorrectly hyphenating the name as Corona-virus, along with several odd uses of capital letters and some poor grammar.
The recipient is expected to download the fake e-book from the attached zip file. However, it only contains GuLoader, which upon being download itself brings in the infostealing trojan FormBook.
“Formbook is one of the most popular info-stealers, thanks to its simplicity and its wide range of capabilities, including swiping content from the Windows clipboard, keylogging, and stealing browser data. Stolen data is sent back to a command and control server maintained by the threat actors,” Malwarebytes reported.
Researchers point out that with many millions of people now working from home, possibly using unsecure systems, any malware downloaded can easily end up inside their company’s network.