Threat actors exploiting public interest in the ongoing coronavirus outbreak have baited their phishing traps with a new lure—conspiracy theories about unreleased cures.
The new tactic was noted by researchers at Proofpoint, who have been monitoring global malicious activity related to the life-threatening virus in the form of hundreds of thousands of messages.
Alongside a flurry of phishing scams that hook victims with tall tales of secret remedies, researchers observed the emergence of campaigns that abuse perceived legitimate sources of health information to manipulate users.
One malicious message, titled “Confidential Cure Solution on Corona virus,” presented the sickness as a “deadly virus developed and sprayed by wicked scientists to reduce the population of the world so the government will have control over you.”
The message then invited victims to download a document allegedly containing information about a cure for the virus.
It’s not just the subject matter of coronavirus phishing scams that is changing; researchers also detected differences in the malware being used to net victims.
In a report published today, Proofpoint researchers wrote: “In this latest round of campaigns, attackers have expanded the malware used in their Coronavirus attacks to include not just Emotet and the AZORult information stealer, but also the AgentTesla Keylogger and the NanoCore RAT—all of which can steal personal information, including financial information.
Researchers also reported seeing fake Office 365, Adobe, and DocuSign sites, linked to coronavirus-themed emails, that had been specifically set up to steal credentials.
Initial coronavirus-themed attacks focused on the United States and Japan, which recorded its first fatality from COVID-19 today. More recently, researchers have observed threat actors targeting Australia and Italy, using lures written in Italian against the latter.
Other noticeable differences observed by the researchers include an increase in the number and variety of industries that these threat actors are hitting.
“We have previously written about Coronavirus-themed attacks centered on concerns around economic disruptions in light of the outbreak, specifically around shipping. This trend is continuing and has expanded to include manufacturing as well,” wrote researchers.
“Consistent with this level of tailoring and focus on economic concerns, we are also seeing dedicated attacks against construction, education, energy, healthcare, industry, manufacturing, retail, and transportation companies.”
The prolonged focus on coronavirus as a theme suggests that the topic is proving to be a successful earner for the morally bankrupt cyber-criminals who have no qualms exploiting human suffering for financial gain.