PSA: This “corona-virus” e-book isn’t from WHO, it’s dangerous malware

The COVID-19 pandemic has affected many of us in impacted regions, with 242,830 confirmed cases of infection across 170 countries. In Malaysia, most workers, other than those in essential services, are working remotely in a bid to “flatten the curve” of the coronavirus spread. And yet, opportunists have taken advantage of the situation with a series of malware, including a fake coronavirus map app and various other schemes.

With that in mind, cybersecurity experts at Malwarebytes Labs have been monitoring possible threats within their own email inboxes. As a result, they’ve found a new phishing campaign that was purportedly sent to their inbox by the World Health Organisation—and the whole scam is built around a fake e-book that is claimed to have everything you need to know on the “corona-virus”.

It’s not obvious to everyone

Like many other phishing campaigns, the whole point of the scam is to convince the victim that the perpetrators represent some sort of official party. In this case, the cybercriminals promise the latest info on the COVID-19 outbreak, although there are a few errors: “Corona-virus” being the most glaringly obvious.

Again, like other phishing scams, the vast majority of targets realise early on that the email isn’t from an authentic source, and discards it without a second thought. But the danger here is when those that aren’t familiar—in subject topic, language, or form of communication—receive such emails.

And while it may be obvious that WHO isn’t going to misspell COVID-19 as the “Corona-virus”, the malware contained within the files attached can still be dangerous to those who are duped.

How does it work?

The key is to understand how such scams work. Here, a fake e-book, My Health E-book, is attached to the email as bait, along with other bits of information on the outbreak. There’s even a section that teaches you to protect your children and… business centres (because the two obviously belong in the same sentence).

When the attached .zip file is downloaded, there is an executable (.exe) file inside the archive—when this is executed, malware is then downloaded (GuLoader). Capabilities of the malware include key-logging, accessing browser data, and stealing personal information.

A good habit is to always look at the extension of a file before you open it. For example, an e-book would be in .epub or .pdf format, perhaps even .doc—but not an executable file. In general, you should never download files from unknown sources.

The wealth of malware that seeks to take advantage of the current COVID-19 situation is growing, but with awareness and attention, you can prevent yourself from becoming another victim. Of course, if you know of anyone that may be susceptible to a scam like this, remember to share this article with them.

[ SOURCE ]