Hackers taking advantage of coronavirus panic - report

In most cases, hackers are using these domains for phishing attempts.

Hacker (photo credit: INGIMAGE / ASAP)
(photo credit: INGIMAGE / ASAP)
The coronavirus has led to widespread panic in many parts of the world, and hackers are taking advantage of the disease, Israel’s Check Point Software Technologies reported Thursday.
Since January, there have been more than 4,000 coronavirus-related domains registered globally, according to Check Point’s Threat Intelligence service. Of those, at least 5% are malicious and an additional 5% are suspicious, it said in a press release.
“The malicious rate of the coronavirus-related domains is 50% higher than the overall rate of all domains registered at the same time period,” Check Point said. It is also higher than recent seasonal themes, such as Valentine’s Day.
In most cases, hackers are using these domains for phishing attempts, Check Point said. Hackers “phish” for access to personal information, such as banking and credit-card details or passwords. Phishing is considered a cybercrime.
For example, Check Point said it discovered phishing that was targeting local organizations in Italy.
“Due to the number of cases of coronavirus infection that have been documented in your area, the World Health Organization has prepared a document that includes all the necessary precautions against coronavirus infection. We strongly recommend that you read the document attached to this message,” said an email message that was sent to more than 10% of all organizations in Italy.
If the user clicked on the document to “enable editing” or “enable content,” it downloaded the Ostap Trojan-Downloader, a trickbot that is a dominant banking Trojan.
The letter, which appeared to be signed by an Italian doctor with the WHO, was also fake, Check Point said.
“We did a search online and could not find a doctor by the name of Penelope Marchetti with WHO or Organizzazione Mondiale della Sanita,” it said. “Also, the senders’ email addresses are not from the official WHO or OMS domains. Most of them were not Italian at all.”
Check Point said users should be cautious during this sensitive time and make sure only to open attachments from known sources. It warned to beware of “special” offers.
“‘An exclusive cure for coronavirus for $150’ is usually not a reliable or trustworthy purchase opportunity, but more likely fraud,” Check Point said.
For more about the threat and ways to prevent being targeted, see Check Point’s blog: .