As the Covid-19 pandemic continues to cover the face of the planet, cyber criminals are making use of new and versatile techniques to either infect unsuspecting victims and establish persistence, or to obtain sensitive information such as credit card information, personal files and more. 

Because attackers exploit current trends, we should undoubtedly expect more phishing campaigns, most of them previously unknown.

When working remotely, people should take into account that they might not be as protected as they are when operating from the office.

In this week’s edition we will introduce you to the latest trends circulating the internet and some of the most innovative means of social engineering related to the coronavirus pandemic.

  • Mobile malware
    Benign applications offering information regarding COVID-19 have hidden malware.

  • Discounted off-the-shelf malware and illegal offensive services offered on the black market
    Discounted blackhat services offered in connection with the pandemic may increase the likelihood of an attack.

  • Ransomware targeting healthcare facilities
    Data is being held hostage during the pandemic in order to demand ransom, as healthcare data is of vital importance.

  • Online materials and trainings for remote working and cybersecurity
    We provide you with tips on remote working which can be found on the Amatas website, as well as our partner websites.

Mobile malware

Research conducted last week and published on April 9, 2020 by Check Point details the use of mobile applications to spread MRATs (Mobile Remote Access Trojans), banking trojans and other forms of malware.

They discovered more than 16 different mobile apps that were disguised so as to look benign and to offer information about the COVID-19 outbreak. In fact, these applications were packed with different forms of malware including functions to inject adware (Hiddad) as well as the Cerberus banking trojan.

The research reveals that most of these apps were created using the Metasploit framework. Below is a sample excerpt of the source code of one such app.

Before downloading any mobile app (regardless of whether it is on Google Play or Apple’s App Store) make sure the app is trusted and verified by experts. Be wary of apps that offer exclusive content or services for free especially when it comes to the ongoing situation with the virus outbreak.

Do NOT download and install apps that originate from untrusted sources. Corona-themed domains should be visited with caution.

However, there are a few apps from trusted sources that can be extremely useful for news and general guidance during the Covid-19 pandemic which you should not hesitate to use. Our valuable partner Resolute Software recently developed the WHO info app for both Apple and Android devices, which provides valuable resources concerning health issues all over the world and can be found at: https://apps.apple.com/us/app/who-info/id895463794 

Discounted off-the-shelf malware

According to research conducted by the cybersecurity company Group-IB, there are more than 500 posts on the black market and hacker forums that promote sales and discounts in connection with the coronavirus pandemic.

The promotional codes are valid for services such as DDoS, spamming, SMS bombing and other related activities. Experts predict that this will cause a rise in the number of attacks and subsequently in the number of victims. Extra vigilance is required in order to stay up to date and to protect organizations from massive large-scale attacks.

As a precaution, organizations and institutions can benefit from threat intelligence services that would alert them to trending attacks, target groups and more.

Ransomware targeting healthcare facilities

It comes as no surprise that ransomware is now focused on healthcare facilities, as this is where the hotspot is these days. Several research reports published the previous week show a significant increase in the number of infected healthcare organizations.

Delivery of ransomware is still mainly done by means of phishing campaigns, the most prominent of which remains the fake email impersonating health officials, the World Health Organization (WHO) and other well-known names in the field.

According to the researchers, the campaign was initiated with malicious emails sent from a spoofed address mimicking the World Health Organization (noreply@who[.]int) that were sent to a number of individuals associated with the healthcare organization that's actively involved in COVID-19 response efforts.

Ransomware incidents have increased dramatically over the last few weeks and the pandemic is partly to blame for this. Organizations need to raise awareness so that their employees do not fall victim to such campaigns. Considering the fact that most IT-based companies have adopted the home office approach, it is clear that a large group of individuals are now at risk of becoming infected by simply following a link in a malicious email.
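A mail gateway or triage script can flag the spoofed World Health Organization sender described above before a user ever sees the message. The following is an added example, not code from the cited research: the sample message is constructed, and `mx.example.net` is an assumed authserv-id standing in for your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED = {"who.int"}  # sender domain the page says was spoofed
TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of your own MTA

# Constructed sample message, not taken from the campaign.
SPOOFED = """\
Return-Path: <bounce@mailer.example.org>
Authentication-Results: mx.example.net; spf=fail; dkim=none; dmarc=fail
From: "World Health Organization" <noreply@who.int>
Reply-To: <info@who-int.example.org>
Subject: COVID-19 update

body
"""

def _domain(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def _is_protected(domain):
    return any(domain == d or domain.endswith("." + d) for d in PROTECTED)

def _verdicts(msg):
    """spf/dkim/dmarc results, read only from our own MTA's header."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            found.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()))
    return found

def spoof_findings(raw):
    """Reasons a message claiming a protected sender looks spoofed."""
    msg = message_from_string(raw)
    if not _is_protected(_domain(msg["From"])):
        return []
    dmarc = _verdicts(msg).get("dmarc", "missing")
    findings = [] if dmarc == "pass" else ["dmarc=" + dmarc]
    for header in ("Return-Path", "Reply-To"):
        dom = _domain(msg[header])
        if dom and not _is_protected(dom):
            findings.append(header.lower() + " domain " + dom)
    return findings
```

Only the Authentication-Results header stamped by your own server is trusted here, because a sender can insert a forged one claiming `dmarc=pass`.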

Online materials and trainings for remote working and cybersecurity

Amatas is always on the horizon when it comes to your cybersecurity needs and aspirations. We strive to provide you with the latest reports, tips and trainings in the fields of cybersecurity and privacy, which can be found on our website at: https://amatas.com/news

Our partners at KnowBe4 have also made the effort to provide us with free Coronavirus Awareness Resources which include various trainings and videos and can be found at: https://www.knowbe4.com/coronavirus-security-awareness-resources 

AMATAS continues to monitor this space and will deliver salient information weekly.



Amatas, The Hacker News, Check Point, RiskIQ, Group-IB, Resolute Software, KnowBe4