IT Specialists Warn of Malware Increase During COVID-19

Published: 10 June 2020

Malware

Number of malicious emails containing banking Trojans is increasing. (Photo: pxfuel)

By Zdravko Ljubas

The number of banking Trojans and infostealers has gone up with the increase of mostly pandemic-related unemployment, according to a leading provider of cyber security solutions to governments and corporate enterprises globally.

“Criminals are using malicious CV and medical leave forms to spread malwares,” Check Point Software Technologies LTD warned on its blog earlier this week.

It said that overall cyber-attacks went up 16% compared to March and April, with an average of more than 158,000 coronavirus-related attacks each week in May.

The IT company reminded of the fact that more than 40 million US citizens “have filed for first-time unemployment benefits” since the coronavirus pandemic put the US economy on hold in March, as CNN reported at the time.

Because of this people became vulnerable to scams and phishing attacks involving relief package payments, according to IT specialists. Check Point said that, just in May, it spotted “250 new domains containing the word “employment”.”

Out of that number 7% were malicious, while another 9% were suspicious, read the report.

The result was that the number of CV-themed malicious files “doubled in the last two months,” with one out of every 450 malicious files being a CV-related scam.

Check Point also said it has recently discovered a “malicious campaign using the Zloader malware” to steal victims’ credentials and other private information. It explained that the Zloader malware is a banking Trojan and a variant of the Zeus malware that specifically targets customers of financial institutions.

Besides the CV-related malwares, the company said it also discovered a campaign that is using Medical Leave forms infected with the Icedid malware, also a “banking Trojan that steals users’ financial data.”

Cyber-criminals do not sit still, as a dominant banking Trojan, known as Trickbot, is constantly “being updated with new capabilities, features and distribution vectors,” the company warned.

The updates, as it explained, allows the malware to be “flexible and customizable enough to be distributed as part of a multipurpose campaign.”

Check Point therefore reminds of some golden rules of cyber-protection, like avoidance of lookalike domains, spelling errors in emails or websites and unfamiliar email senders.

It especially warns on COVID-19-related special email offers, such as “an exclusive cure for coronavirus for US$150,” when such a cure has not been invented yet.

The US and UK authorities in April also warned of increasing COVID-19-related scams, many of which operated from websites that advertised fake vaccines and cures.