Coronavirus news used by Emotet and Trickbot to evade detection

March 19, 2020  By Pierluigi Paganini


Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, new campaigns aim at spreading TrickBot and Emotet Trojans.

Experts warn of new Coronavirus-themed attacks that are spreading TrickBot and Emotet Trojans.

Operators behind these campaigns are using new Coronavirus-themed messages to attempt to bypass security software. The trend was first reported by researchers at MalwareHunterTeam a month ago.

Crypters are software used to encrypt, obfuscate, and manipulate malware, to evade detection of solutions that employ machine-learning or artificial intelligence.

Researchers from BleepingComputer discovered that the crypters for TrickBot and Emotet have started using news stories about the Coronavirus outbreak.

“For example, TrickBot samples seen by BleepingComputer utilizes strings taken from CNN news stories as part of the malware’s file description.” reported BleepingComputer. 

Copyright passengers were sent to government quarantine centers
Product The restrictions will ban travel to the US from 26 European countries
Description Singapore has 187 confirmed cases of the virus
Original Name Just because someone who had the coronavirus
Internal Name Just this week, the Grand Princess cruise ship docked
File Version 1.0.0.1

The researchers also detected an Emotet sample that uses strings from a CNN news story for its file information.

This information is then shown in the Details tab of the malware’s properties as shown below.

The samples created using crypters that employed Coronavirus strings could bypass Artificial Intelligence/Machine Learning systems.

During this period, users should pay attention to any unsolicited Coronavirus-themed emails, here you can find the list of COVID19-themed attacks observed between February 1 and March 15, 2020.

Experts are also warning of thousands of COVID-19 scams and malware sites that are being created every day.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – malware, COVID19)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Cisco addresses multiple issues in its SD-WAN product

 Cisco has addressed a total of five vulnerabilities in its SD-WAN solution, including three high severity flaws. Cisco...