Concern over the spreading coronavirus from China is legitimate and real. The World Health Organization (WHO) has declared the coronavirus a global health emergency, and the United States and other countries are limiting travel of individuals from the affected areas in China.
As we have seen with other public concerns, cyber criminals and threat actors use these times of concern to target attacks and prey on victims. Cyber criminals are doing just that in the wake of the media attention about the spread of coronavirus. This week, Kaspersky announced that it has found PDF, MP4 and DOC files posing as information on how to protect people from the virus, updates on the coronavirus threat, and detection procedures of the virus that have been infected with malware that can damage the network or system, and can spread throughout networks.
The identified malicious files posing as information about coronavirus include:
-
Worm.VBS.Dinihou.r
-
Worm.Python.Agent.c
-
UDS:DangerousBoject.Multi.Generic
-
Trojan.WinLNK.Agent.ew
-
HEUR:Trojan.WinLnk.Agent.gen
-
HEUR:Trojan.PDF.Badur.b
There is widespread prediction that the number of malicious files introduced will grow and companies are being warned to alert their employees to be cautious of any emails or links provided to them about coronavirus. Individuals and employees may wish to use official sources for research (like the WHO website), to be wary of downloading any materials about coronavirus and to be vigilant about the names of files and the source of any files related to the coronavirus.
We are all concerned about the virus and seek additional information about it. Cyber criminals know this and will be trying to take advantage of this concern to purposefully attack us. Alerting employees and colleagues about the threat of malicious files posing as information about coronavirus will hopefully lessen the cyber criminals’ success of taking advantage of a world health concern.