Coronavirus news used by Emotet and Trickbot to evade detection

Pierluigi Paganini March 19, 2020

Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, new campaigns aim at spreading TrickBot and Emotet Trojans.

Experts warn of new Coronavirus-themed attacks that are spreading TrickBot and Emotet Trojans.

Operators behind these campaigns are using new Coronavirus-themed messages to attempt to bypass security software. The trend was first reported by researchers at MalwareHunterTeam a month ago.

Crypters are software used to encrypt, obfuscate, and manipulate malware, to evade detection of solutions that employ machine-learning or artificial intelligence.

Researchers from BleepingComputer discovered that the crypters for TrickBot and Emotet have started using news stories about the Coronavirus outbreak.

“For example, TrickBot samples seen by BleepingComputer utilizes strings taken from CNN news stories as part of the malware’s file description.” reported BleepingComputer.

Copyright passengers were sent to government quarantine centers
Product The restrictions will ban travel to the US from 26 European countries
Description Singapore has 187 confirmed cases of the virus
Original Name Just because someone who had the coronavirus
Internal Name Just this week, the Grand Princess cruise ship docked
File Version 

The researchers also detected an Emotet sample that uses strings from a CNN news story for its file information.

This information is then shown in the Details tab of the malware’s properties as shown below.

The samples created using crypters that employed Coronavirus strings could bypass Artificial Intelligence/Machine Learning systems.

During this period, users should pay attention to any unsolicited Coronavirus-themed emails, here you can find the list of COVID19-themed attacks observed between February 1 and March 15, 2020.

Experts are also warning of thousands of COVID-19 scams and malware sites that are being created every day.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – malware, COVID19)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment