UPDATE 03/05/2020: Yesterday, our malware intelligence researchers found a clever ploy to hide an info-stealer behind a website that purported to show updated coronavirus cases on a global map.
Malwarebytes initially detected the malware, which carried the ominous and maybe-too-obvious filename "corona.exe", as Trojan.Corona. Upon further analysis, we learned that this malware was actually a variant of AzorUlt, a family of spyware that steals information and sometimes downloads additional malware. We have now updated the detection name to Spyware.AzorUlt.
Unlike similar coronavirus scams we discovered last month, this threat does not rely on an email campaign.
Original story below.
Panic and confusion about the recent coronavirus outbreak spurred threat actors to launch several malware campaigns across the world, relying on a tried-and-true method to infect people’s machines: fear.
Cybercriminals targeted users in Japan with an Emotet campaign that included malicious Word documents that allegedly contained information about coronavirus prevention. Malware embedded into PDFs, MP4s, and Docx files circulated online, bearing titles that alluded to protection tips. Phishing emails that allegedly came from the US Centers for Disease Control and Prevention (CDC) were spotted, too. Malwarebytes also found a novel scam purporting to direct users to a donation page to help support government and medical research.
All of these threats rely on the same dangerous intersection of misinformation and panic—a classic and grotesque cybercrime tactic. A great defense to these is, quite simply, the truth.
At Malwarebytes, we understand that safeguarding you from cyberthreats goes beyond technological protection. It also means giving you the information you need to make smart, safe decisions. Because of this, we’re presenting verified resources and data about coronavirus that will hopefully steer users away from online threats. If you see a sketchy-looking email mentioning the virus (like the one we found below), don’t open it. Instead, come here. If you want to immediately see what these online scams look like, scroll below.
What is coronavirus?
According to the World Health Organization, the current coronavirus that has infected thousands of people across the world is a single variant of a broader family of viruses, also called “coronavirus.” This particular strain of coronavirus was first identified in the city of Wuhan in central China’s Hubei province. It has the title “2019-nCoV.” Though 2019-nCoV is from the same family of coronaviruses as SARS—which spread to 26 countries between 2002 and 2003—it is not the same virus.
As of February 7, coronavirus has spread to at least 25 countries, including Australia, Vietnam, the United States, the Philippines, Nepal, Sweden, the United Kingdom, India, and more. Mexico has no reported cases—the only country in North America to avoid the virus, it appears. Countries in South America, including Brazil, Colombia, Venezuela, and Chile, have not reported any confirmed cases of the virus, either. While the majority of infections are reported in China, with 31,211 confirmed cases, the highest count of any other country is Singapore, with 30 cases.
Full, daily reports on the virus’ spread can be found at the World Health Organization’s resource page here: Novel Coronavirus (2019-nCoV) situation reports. The situation reports also provide information about every country with confirmed coronavirus cases, and this Al Jazeera article compiles that information up to February 6.
According to a February 6 report in The Wall Street Journal that cites scientists and medical academics in China, the recent coronavirus likely started in bats.
According to the US Center for Disease Control, coronavirus symptoms include fever, cough, and shortness of breath.
How can I protect myself from coronavirus?
Because coronavirus spreads from human-to-human contact, the best protection methods involve good hygiene. According to the WHO, individuals should:
- Wash your hands frequently with soap and water or use an alcohol-based hand rub if your hands are not visibly dirty.
- Maintain social distancing—maintain at least 1 meter (3 feet) distance between yourself and other people, particularly those who are coughing, sneezing and have a fever.
- Avoid touching eyes, nose, and mouth.
- If you have fever, cough, and difficulty breathing, seek medical care early. Tell your health care provider if you have travelled in an area in China where 2019-nCoV has been reported, or if you have been in close contact with someone with who has travelled from China and has respiratory symptoms.
- If you have mild respiratory symptoms and no travel history to or within China, carefully practice basic respiratory and hand hygiene and stay home until you are recovered, if possible.
The WHO also actively dispelled some current myths about coronavirus. For instance, individuals cannot catch the virus from dogs and cats that are their pets, and vaccines against pneumonia do not protect against coronavirus.
For more information on coronavirus myths, please visit the WHO Myth Busters page here, along with the WHO Q&A page.
What else should I know about coronavirus?
Coronavirus is a serious threat, but it is not the world-ending plague that many fear. As of February 7, the virus has resulted in 637 total deaths. A February 6 notice by the Chinese media service CGTN reported more recoveries, at 1,542.
Individuals should not fear receiving packages from China, the WHO said, as the virus cannot survive long durations on physical objects like packages and letters. Similarly, individuals should not dip into unmeasured fear of all things Chinese. These fears have turned New York’s Chinatown district into a “ghost town,” said one local business owner, and have fueled multiple xenophobic and racist assumptions across the world.
Coronavirus has also received a strong global response. Air travel has been severely limited, Olympic qualifying games were relocated, workers built a hospital in about 10 days, fast food restaurants temporarily closed their locations, and China closed off entire populations—which has come with its own tragic tales of quarantine camps, isolation, and fear.
The spread of the virus is scary, yes, but people are working day and night to prevent greater exposure.
What should I know about coronavirus scams?
Coronavirus online scams are largely similar to one another. By preying on misinformation and fear, cybercriminals hope to trick unwitting individuals into opening files and documents that promise information about the virus.
However, Malwarebytes recently found an email scam that preys on people’s desire to help during a moment like this.
The scam email—titled “URGENT: Coronavirus, Can we count on your support today?”—purportedly comes from the nondescript “Department of Health.” Inside, the email asks users to donate to coronavirus prevention causes.
“We need your support , Would you consider donating 100 HKD to help us achieve our mission?” the email says near its end, before offering a disguised link that opens an application, not a website. The link itself begins with neither HTTPS or HTTP, but “HXXP.”
Routine scams that allegedly include information about prevention and protection also come through emails, like this phishing scam spotted by Sophos.
The malicious email informs its recipient to open an attached document that includes information about “safety measures regarding the spreading of coronavirus,” which then directs users to a page that asks for their email address and password.
These scams are becoming a dime a dozen, and we don’t expect them to dwindle any time soon. In fact, threat actors in China were spotted sending malware around through email and through the Chinese social media platform WeChat. Though the exact types of malware were not reported, the Computer Virus Emergency Response Center said the malware itself could be used to steal data or remotely control victims' devices.
Coronavirus information and data resources
If you’re afraid about the spread of coronavirus, we understand. But please, do not click any links in any sketchy emails, and do not donate to any causes you have not already vetted outside of your email client.
If you want to know up-to-the-date information about the virus, again, please visit the following resources:
- The World Health Organization’s main information page on the virus
- The WHO’s daily “situation reports”
- The WHO’s “Mythbusters” page
- The WHO’s public advice guide
- The Center for Disease Control and Prevention’s main information page on the virus
Stay safe, everyone.