Categories: NewsTech

PSA: This “corona-virus” e-book isn’t from WHO, it’s dangerous malware

The COVID-19 pandemic has affected many of us in impacted regions, with 242,830 confirmed cases of infection across 170 countries. In Malaysia, most workers, other than those in essential services, are working remotely in a bid to “flatten the curve” of the coronavirus spread. And yet, opportunists have taken advantage of the situation with a series of malware, including a fake coronavirus map app and various other schemes.

With that in mind, cybersecurity experts at Malwarebytes Labs have been monitoring possible threats within their own email inboxes. As a result, they’ve found a new phishing campaign that was purportedly sent to their inbox by the World Health Organisation—and the whole scam is built around a fake e-book that is claimed to have everything you need to know on the “corona-virus”.

It’s not obvious to everyone

Like many other phishing campaigns, the whole point of the scam is to convince the victim that the perpetrators represent some sort of official party. In this case, the cybercriminals promise the latest info on the COVID-19 outbreak, although there are a few errors: “Corona-virus” being the most glaringly obvious.

Again, like other phishing scams, the vast majority of targets realise early on that the email isn’t from an authentic source, and discards it without a second thought. But the danger here is when those that aren’t familiar—in subject topic, language, or form of communication—receive such emails.

SOURCE: Malwarebytes

And while it may be obvious that WHO isn’t going to misspell COVID-19 as the “Corona-virus”, the malware contained within the files attached can still be dangerous to those who are duped.

How does it work?

The key is to understand how such scams work. Here, a fake e-book, My Health E-book, is attached to the email as bait, along with other bits of information on the outbreak. There’s even a section that teaches you to protect your children and… business centres (because the two obviously belong in the same sentence).

When the attached .zip file is downloaded, there is an executable (.exe) file inside the archive—when this is executed, malware is then downloaded (GuLoader). Capabilities of the malware include key-logging, accessing browser data, and stealing personal information.

A good habit is to always look at the extension of a file before you open it. For example, an e-book would be in .epub or .pdf format, perhaps even .doc—but not an executable file. In general, you should never download files from unknown sources.

The wealth of malware that seeks to take advantage of the current COVID-19 situation is growing, but with awareness and attention, you can prevent yourself from becoming another victim. Of course, if you know of anyone that may be susceptible to a scam like this, remember to share this article with them.

[ SOURCE ]

Recent Posts

Malaysia’s largest DC charging hub is opening soon at Iskandar Puteri, Johor

DC Handal is expected to unveil what appears to be Malaysia's largest EV charging hub…

5 hours ago

Realme GT 7 Pro coming to Malaysia as first smartphone with Snapdragon 8 Elite chip, launching 18th November

Realme has debuted its latest flagship smartphone, the Realme GT 7 Pro in China, featuring…

5 hours ago

Malaysia to kill off NGVs in 2025 due to safety concerns

Malaysia will ban natural gas vehicles (NGVs) on 30 June 2025. Subsequently, no new natural…

7 hours ago

Is your iPhone 14 Plus having camera issues? Apple has a solution for you

Apple has launched a service program for the iPhone 14 Plus where certain units fail…

8 hours ago

U Family 128: U Mobile offers 1000GB shared data with 4 lines and free roaming for RM128/month

U Mobile has introduced its new U Family 128 offering, a new family plan which…

10 hours ago

PlayStation 5 Pro leaked – 16.7 TFLOPS GPU, 16GB GDDR6 dedicated VRAM, 2GB DDR5 system RAM

We are just three days away from the launch of the beefed-up PlayStation 5 Pro…

13 hours ago

This website uses cookies.