Cybercriminals have found yet another way to capitalize on people's fears surrounding the coronavirus and have now started a new phishing campaign to scare people into downloading malware on their computers.
You've been infected!
As the coronavirus pandemic continues to spread rampantly around the world, there has been a significant spike in phishing attempts by cybercriminals preying on the fear and anxiety of people and tricking them into opening malicious email attachments. However, this time, they've hit a new low.
The new online phishing campaign, discovered by the folks at Bleeping Computer, first sends victims an email pretending to be from a local hospital, telling them that they've been in contact with a colleague, friend, or family member who has tested positive for COVID-19.
The email then asks the victim to print the attached Excel sheet named EmergencyContact.xlsm, which it claims is pre-filled, and carry it with them to the nearest emergency clinic for testing.
The text of the e-mail reads:
When the user opens the attachment, they're prompted to "Enable Content" to view the protected document. Once the victim does so, malicious macros are executed to download and launch malware on the computer.
The malware will then inject numerous processes into the legitimate Windows msiexec.exe file in order to stay hidden and avoid detection by security programs.
What is the malware capable of?
According to Bleeping Computer, the malware is capable of performing the following actions on your computer:
- Search for and possibly steal cryptocurrency wallets.
- Steal web browser cookies that could allow attackers to log in to sites with your account.
- Get a list of programs running on the computer.
- Look for open shares on the network with the net view /all /domain command.
- Get local IP address information configured on the computer.
How to protect your computer from phishing attacks?
During this unprecedented global crisis, it is essential for everyone to be particularly careful with Coronavirus-related emails they receive and to refrain from opening any email attachments from unknown sources.
One way to protect yourself from such phishing scams is to look up the phone number of the alleged sender (such as the hospital mentioned in the e-mail) and contact them by phone to confirm the e-mail and the enclosed information.
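On the mail-filtering side, an attachment such as EmergencyContact.xlsm can be inspected for an embedded VBA project instead of trusting its file extension. The following is an added example, not part of the original article or of Bleeping Computer's report; the function names and verdict strings are assumptions, and the sample workbook is constructed.

```python
import io
import zipfile

VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"
MACRO_EXTENSIONS = (".xlsm", ".xltm", ".xlam", ".docm", ".dotm", ".pptm")
MAX_MANIFEST_BYTES = 1_000_000  # do not decompress an oversized manifest


def find_macro_parts(data: bytes) -> list:
    """Return the archive members that indicate an embedded VBA project."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not an OOXML container; legacy .xls is out of scope here
    hits = []
    with archive:
        for info in archive.infolist():
            base = info.filename.lower().rsplit("/", 1)[-1]
            if base == "vbaproject.bin":
                hits.append(info.filename)
            elif info.filename == "[Content_Types].xml" and info.file_size <= MAX_MANIFEST_BYTES:
                if VBA_CONTENT_TYPE in archive.read(info):
                    hits.append(info.filename)
    return hits


def check_attachment(filename: str, data: bytes) -> str:
    """Classify on content, so a macro workbook renamed to .xlsx is still caught."""
    if not find_macro_parts(data):
        return "no-macros"
    if filename.lower().endswith(MACRO_EXTENSIONS):
        return "macro-enabled"
    return "macro-disguised"


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a ZIP laid out like a workbook, with no real VBA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            z.writestr("xl/vbaProject.bin", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, macro in [("EmergencyContact.xlsm", True), ("list.xlsx", True), ("list.xlsx", False)]:
        print(name, check_attachment(name, build_sample(macro)))
```

A "macro-enabled" or "macro-disguised" verdict on mail from an outside sender is a reasonable trigger for quarantine or for stripping the attachment before delivery.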