Experts continue to spot Coronavirus-themed attack, a new phishing campaign uses messages that pretend to be from a local hospital informing the victims they have been exposed to the virus and that they need urgently to be tested.
Threat actors attempt to take advantage of the fear of the population of being infected with the COVID19 that is killing hundreds of
The phishing messages
Upon opening the file, victims will need to ‘Enable Content’ to view the content of the protected document, but this action will trigger the infection process.
The malicious executable will inject multiple processes into the legitimate Windows msiexec.exe file to evade detection by security solutions.
The malicious code analyzed by BleepingComputer researchers is an information stealer, it attempts to steal
The malicious code also gets a list of programs running on the computer, looks for open shares on the network, and gets local IP address information configured on the computer.
Unfortunately, this is only one of the numerous Coronavirus-themed attacks recently observed by security researchers, below the list of the attacks observed in the last seven days.