Image

The Annoying Mess that is CoronaLocker
In the middle of April, security researcher Max Kersten learned that his friend had suffered an infection at the hands of a program called "wifihacker.exe." The researcher took a look and found that the malware extracted VBS files and a batch file once installed. It then used these resources to create an annoying screenlocker that informed victims that they had suffered a coronavirus infection.Image

Give It a Rest, Trickbot!
Like all other security research teams, Microsoft's Security Intelligence has been analyzing the growing number of digital attacks that are exploiting the ongoing pandemic to target users. They found something interesting in the process. Specifically, they observed that Trickbot features as the most common malware payload in these attack campaigns. https://twitter.com/MsftSecIntel/status/1251181180281450498 Microsoft's Security Intelligence went on to share a recent Trickbot campaign in which attackers had targeted users with hundreds of macro-laden documents. Those files came attached to attack emails that claimed to originated from a non-profit organization offering free COVID-19 tests.Hoax Health Site Harboring Fake COVID-19 Harmful Links
Digital fraudsters are attempting to capitalize on people's search for information regarding the coronavirus pandemic. In that spirit, malicious actors created a fake website designed to impersonate the official site for the United Kingdom's National Health Service (NHS). A screenshot of this website is visible below.Image

Dark Web Ploys: From Ventilators to..."Pure Frequency"?
Malicious actors are flooding underground web marketplaces with all kinds of scams these days. A few of the more interesting ploys recently attracted the attention of Bleeping Computer. In one of those schemes, a scammer placed a promotion for a type of ventilator commonly used in hospitals on a dark web forum. Another offered an Israel-created "vaccine" that sold for $99. Perhaps the most bizarre of these scams came in the form of a posting offering a "pure frequency." The post informed users that they simply needed to listen to the same .MP3 file 3-6 times a day in order to eliminate the coronavirus from their home and their surroundings.Image

An Investigation into a Multi-Million Euro Face Mask Scam
And now for some good news! According to BBC News, Gardaí (Irish police) collaborated with banking authorities to freeze a €1.5 million payment that a German company had deposited into a bank account operated by an Irish firm based in County Roscommon. The company was under the impression that it was making a down payment on 10 million marks valued at €15 million. As it turns out, the company made the purchase on a fake Dutch website created by scammers. After learning of this money laundering attempt, local authorities brought in an Irish citizen for questioning. They did not arrest the individual, however.Over 2,000 COVID-19 Scams Taken Down by NCSC
BBC News also shared the success of the United Kingdom's National Cyber Security Centre (NCSC) in its fight against coronavirus-themed scams. In March 2020 alone, NCSC took down over 2,000 COVID-19 ploys. Those ruses included 471 fake online shops that claimed to sell coronavirus-themed items such as those discovered by Bleeping Computer. NCSC's efforts were also integral in the dismantling of numerous phishing websites, malware landing pages and nearly 900 advance-fee fraud schemes. Have you seen a coronavirus-themed scam? If so, let us know by reaching out on Twitter.Check out our other COVID-19 scam roundups below!
- COVID-19 Scam Roundup – May 11, 2020
- COVID-19 Scam Roundup – May 4, 2020
- COVID-19 Scam Roundup – April 27, 2020
- COVID-19 Scam Roundup – April 20, 2020
- COVID-19 Scam Roundup – April 14, 2020
- COVID-19 Scam Roundup – April 6, 2020
- COVID-19 Scam Roundup – March 30, 2020
- COVID-19 Scam Roundup – Week of 3/16/20