Coronavirus outbreak used by hackers to spread malware

Malicious actors are using the outbreak of the Wuhan novel coronavirus, or 2019-nCoV, as an opportunity to launch emailed-based cyber attacks, according to security specialist Proofpoint.

WHY IT MATTERS The company uncovered a continuing expansion of cyber attacks themed around the Coronavirus, including a new campaign promoting conspiracy theory-based fears around “unreleased cures,” and dupes multiple users into accepting malware by abusing perceived legitimate sources of health information.

While the attacks initially targeted people in the United States and Japan, Proofpoint noted recent examples are targeted at Australia and Italy, where Italian-language lures are being used.

A company blog post by Sherrod DeGrippo, Proofpoint’s senior director of threat research and detection, noted attackers have expanded the malware used in their Coronavirus attacks to include not just Emotet and the AZORult information stealer, but also the AgentTesla Keylogger and the NanoCore RAT, all of which can steal personal information, including financial information.

In one campaign example, recipients of an email designed to stoke fears of an available cure that is being withheld – a conspiracy theory – urges the recipient to receive further information on the “cure” by clicking on the link provided in the email.