Advertisement

Coronavirus-themed emails used by cybercriminals to spread malware, report says

Coronavirus outbreak: China returns to work as government eases restrictions
WATCH ABOVE: Coronavirus outbreak: China returns to work as government eases restrictions

Criminal groups are exploiting fears over the recent novel coronavirus outbreak in an email phishing campaign directed at the global shipping industry, according to a report issued Monday by a California-based cybersecurity firm.

Proofpoint said the new campaign uses emails with bogus Microsoft Word attachments that are designed to install a type of malware known as AZORult.

READ MORE: 2nd evacuation flight chartered by Ottawa leaves Wuhan with 185 on board

AZORult has been around since at least 2016 and can be used to install ransomware, which is designed to lock legitimate users out of their computer systems until a ransom is paid.

“In these (coronavirus-related) attacks, we don’t see AZORult downloading ransomware currently,” Proofpoint said.

Coronavirus outbreak: Hong Kong residents evacuated from residential block where two virus patients live
Coronavirus outbreak: Hong Kong residents evacuated from residential block where two virus patients live

“However, because of AZORult’s configurable nature and past use in conjunction with ransomware that remains a real threat.”

Story continues below advertisement

Proofpoint didn’t provide statistics on how many actual coronavirus-themed malicious emails have been detected or how much damage has been caused by coronavirus-themed malicious emails.

The Canadian government’s Centre for Cyber Security said in an email that it was aware of both the AZORult malware and coronavirus-related phishing campaigns but didn’t comment specifically on the Proofpoint report.

“Cyber actors tend to use social engineering and topical subjects to lure their targets to click on a malicious link,” the centre said.

READ MORE: British traveller may have spread novel coronavirus across Europe, officials say

Its website cyber.gc.ca provides alerts and advice for spotting and dealing with email scams, known as phishing, and more targeted campaigns known as spear-phishing that focus on personal characteristics, interests or lines of work.

“Employees are privy to important and sensitive information, and as a result, often receive malicious emails that are intended to provide cyber intruders access to this information,” the agency says.

The RCMP said it is aware of this latest malware threat, but is not aware of any reported victims.

Coronavirus outbreak: Morneau says virus will ‘undoubtedly’ have economic impact on Canada
Coronavirus outbreak: Morneau says virus will ‘undoubtedly’ have economic impact on Canada

“We always urge caution in handling unsolicited email and we suggest recipients avoid opening attachments or clicking links from unknown senders. If you are a victim of cybercrime, report it to your local police and the Canadian Anti-Fraud Centre,” said spokeswoman Catherine Fortin.

Story continues below advertisement

U.S. cybersecurity firm Sophos said last week that it had learned of a scam that used fake emails pretending to be safety instructions from the World Health Organization.

“Fortunately, at least for fluent speakers of English, the criminals have made numerous spelling and grammatical mistakes that act as warning signs that this is not what it seems,” Sophos said in a blog post dated Feb. 5.

READ MORE: Coronavirus will ‘undoubtedly’ hit Canadian and global economies, says Morneau

Proofpoint said in its posting that the narrowly focused campaign it detected seems to originate from Russia and Eastern Europe but there’s no evidence linking the actors to a known criminal group.

Coronavirus outbreak: Trump says he expects virus to ‘go away’ in April as ‘heat comes in’
Coronavirus outbreak: Trump says he expects virus to ‘go away’ in April as ‘heat comes in’

However, it says the attackers seem to be sophisticated and have targeted industries that are susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical and cosmetic companies.

“A coronavirus-related shipping supply disruption would negatively impact each of the company types listed above and it’s clear these attackers are aware that a major event like coronavirus can have secondary impacts on industries.

“This awareness demonstrates not just technical sophistication, but economic sophistication as well,” Proofpoint said in its article.

Coronavirus outbreak: WHO says China team looking to understand origins, severity
Coronavirus outbreak: WHO says China team looking to understand origins, severity

Proofpoint advised workers to exercise caution when presented with coronavirus-themed email messages and attachments, as well as links and websites that could be used by criminals as lures.

Story continues below advertisement

Meanwhile, health officials in Canada have repeatedly stressed that the coronavirus currently poses a low risk to the public in this country. Seven cases have been identified in Canada, while worldwide, the illness known as 2019-nCoV has sickened more than 37,000 people and killed more than 800, nearly all in China.

READ MORE: Canadian among 66 new cases of coronavirus aboard Japan cruise ship: officials

Nevertheless, Canadians are being urged to remain vigilant against infection, with medical experts advising good hygiene practices such as washing hands frequently and coughing or sneezing into tissue.

with a file from Cassandra Szklarski in Toronto