While the world grapples with the coronavirus pandemic, hackers are reportedly using infection-related emails as a hook for a new phishing campaign.
A coronavirus-themed attack is looking to steal personal information from victims, including cryptocurrency wallets, web browser details for login credentials, IP addresses and more.
Discovered by BleepingComputer, the email is designed to appear like it has been sent from a nearby hospital, and informs users that they’ve come in contact with a Covid-19 infected person who could be a colleague, friend, or family member.
The email asks the user to print out an attached file “EmergencyContact.xlsm” and take to an emergency clinic to get tested.
The attachment, once downloaded, opens as an excel file and alerts users to ‘enable content’ – however, once the content is enabled, the embedded macros in the excel file start to download, install and execute a malware. This malware can remain hidden from many forms of antivirus software, before tracking and stealing personal information such as:
- Cryptocurrency wallets
- Browser cookies containing saved login credentials
- Local IP address and other related information
- Modify network settings and allow files to be shared via the internet
- List out all the programs installed on the system
Users are advised to remain extra cautious when opening any email from unknown sources. In case the email seems genuine, rather than panicking, try to first establish the authenticity of the email by contacting sender over the phone.
This is sadly not the first time hackers have been found looking to scam victims with coronavirus-themed hacking campaigns, as multiple malicious Android apps have already tried to steal the data of unsuspecting users.
Criminals also carried out an unsuccessful hacking attempt reported against the World Health Organisation (WHO) last week, with several hospitals also targeted.