Your colleague was infected with Coronavirus, this is the latest phishing lure

Pierluigi Paganini March 30, 2020

Security experts uncovered a new Coronavirus-themed phishing campaign, the messages inform recipients that they have been exposed to the virus.

Experts continue to spot Coronavirus-themed attack, a new phishing campaign uses messages that pretend to be from a local hospital informing the victims they have been exposed to the virus and that they need urgently to be tested.

Threat actors attempt to take advantage of the fear of the population of being infected with the COVID19 that is killing hundreds of thousands of people worldwide.

The phishing messages tell the victims that one of their colleagues, friends, or family members has tested positive for the virus, then it urges them to print the attached “EmergencyContact.xlsm” file and bring it with them to the nearest testing center.

Upon opening the file, victims will need to ‘Enable Content’ to view the content of the protected document, but this action will trigger the infection process.

“If a user enables content, malicious macros will be executed to download a malware executable to the computer and launch it.” reads the post published by BleepingComputer.

The malicious executable will inject multiple processes into the legitimate Windows msiexec.exe file to evade detection by security solutions.

The malicious code analyzed by BleepingComputer researchers is an information stealer, it attempts to steal cryptocurrency wallets and web browser cookies.

The malicious code also gets a list of programs running on the computer, looks for open shares on the network, and gets local IP address information configured on the computer.

Unfortunately, this is only one of the numerous Coronavirus-themed attacks recently observed by security researchers, below the list of the attacks observed in the last seven days.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – phishing, coronavirus)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment