Categories: NewsTech

PSA: This “corona-virus” e-book isn’t from WHO, it’s dangerous malware

The COVID-19 pandemic has affected many of us in impacted regions, with 242,830 confirmed cases of infection across 170 countries. In Malaysia, most workers, other than those in essential services, are working remotely in a bid to “flatten the curve” of the coronavirus spread. And yet, opportunists have taken advantage of the situation with a series of malware, including a fake coronavirus map app and various other schemes.

With that in mind, cybersecurity experts at Malwarebytes Labs have been monitoring possible threats within their own email inboxes. As a result, they’ve found a new phishing campaign that was purportedly sent to their inbox by the World Health Organisation—and the whole scam is built around a fake e-book that is claimed to have everything you need to know on the “corona-virus”.

It’s not obvious to everyone

Like many other phishing campaigns, the whole point of the scam is to convince the victim that the perpetrators represent some sort of official party. In this case, the cybercriminals promise the latest info on the COVID-19 outbreak, although there are a few errors: “Corona-virus” being the most glaringly obvious.

Again, like other phishing scams, the vast majority of targets realise early on that the email isn’t from an authentic source, and discards it without a second thought. But the danger here is when those that aren’t familiar—in subject topic, language, or form of communication—receive such emails.

SOURCE: Malwarebytes

And while it may be obvious that WHO isn’t going to misspell COVID-19 as the “Corona-virus”, the malware contained within the files attached can still be dangerous to those who are duped.

How does it work?

The key is to understand how such scams work. Here, a fake e-book, My Health E-book, is attached to the email as bait, along with other bits of information on the outbreak. There’s even a section that teaches you to protect your children and… business centres (because the two obviously belong in the same sentence).

When the attached .zip file is downloaded, there is an executable (.exe) file inside the archive—when this is executed, malware is then downloaded (GuLoader). Capabilities of the malware include key-logging, accessing browser data, and stealing personal information.

A good habit is to always look at the extension of a file before you open it. For example, an e-book would be in .epub or .pdf format, perhaps even .doc—but not an executable file. In general, you should never download files from unknown sources.

The wealth of malware that seeks to take advantage of the current COVID-19 situation is growing, but with awareness and attention, you can prevent yourself from becoming another victim. Of course, if you know of anyone that may be susceptible to a scam like this, remember to share this article with them.

[ SOURCE ]

Recent Posts

Malaysia Airlines’ new A330neo grounded temporarily due to production issues

Malaysia Airlines has temporarily grounded its brand new Airbus A330neo after completing four commercial flights.…

18 hours ago

Proton e.MAS 7: Here’s how much it cost to maintain this EV

Pro-Net recently revealed that you only need to service the new Proton e.MAS 7 EV…

3 days ago

Proton e.MAS 7: How much does it cost to replace the tyres?

The Proton e.MAS 7 is one of the most value for money SUVs at the…

3 days ago

Samsung to launch its new AI-powered home appliances with improved ecosystem integration at CES 2025

Samsung has announced that it will be holding its press conference titled "AI for All:…

3 days ago

SoyaCincau Awards 2024: The Best Phones of the Year

Modern smartphones are very capable computing devices, thanks to powerful hardware trickling down the price…

3 days ago

CelcomDigi offers 5G Home WiFi at RM69/month for Postpaid customers

If you're a CelcomDigi Postpaid 5G customer and can't get fibre broadband for your home,…

3 days ago

This website uses cookies.