Coronavirus – hackers exploit fear of infection to spread malware

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Coronavirus - hackers spread malware exploiting outbreak

With sad predictability cybercriminals appear to be exploiting the Coronavirus outbreak that occurred in Wuhan, mainland China, and is now causing new infections around the world.

Researchers at IBM say that they have seen poisoned emails being sent to Japan, urging the recipient to open an attached Word document.

Emotet email example

Sign up to our free newsletter.
Security news, advice, and tips.

In one example the email claims that Corona virus infections have been reported in the Gifu Prefecture in Japan, and that details of infection prevention measures can be found in the attachment.

However, opening the Word document leads to a message telling the recipient to enable macros, which will ultimately mean the Emotet malware is downloaded onto the computer.

Msword doc

Cybercriminals are well-versed in social engineering, and realise that there are certain topics that will be more likely to trigger recipients into opening a dangerous attachment or clicking on a malicious link than others: for instance, a love letter, a missed parcel delivery, an unexpected purchase on your credit card, or a surprise parking ticket. All these disguises have been used time and time again to infect users’ computers.

Whether in this case the attackers have simply stolen existing messages from a compromised health centre in Kyoto and attached their malicious payload, or conjoured up the messages themselves, is hard to say definitively.

But it’s not really an important question. What we do know is that health advice around Coronavirus is something that will be of a great deal of interest to people in some parts of the world right now, and so these emails certainly fit the bill.

Meanwhile, in a brief blog post on its Spanish-language website, Kaspersky confirmed it had seen other malware spread via email, posing as video instructions on how members of the public could protect themselves from infection.

The malicious attachments included PDFs, MP4 movie files and Word documents.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.