
Cybercrime, WHO and Coronavirus baits to spread malware

New cybercrime phishing campaign to spread malware, using WHO and Coronavirus as baits. Objective: to have the FormBook Trojan installed on the victim’s computer

Cybercrime campaigns that use Coronavirus as an excuse to spread malware don’t stop. Indeed, they seem to be multiplying. The latest was discovered by cyber security researcher @James_inthe_box and analyzed by the MalwareHunterTeam. The phishing email purports to contain a text from the World Health Organization (WHO) with the latest details on the COVID-19 pandemic, along with an attached document (MY-HEALTH.PDF) that supposedly provides advice on how to protect yourself from the virus. In reality, however, the attachment is a downloader (GuLoader) that installs the malicious FormBook code. FormBook is a trojan specialized in information theft. With it, a cyber criminal can steal the victim’s bank credentials and website logins, cookies and the contents of the Windows clipboard.

The recommendations of cyber security experts and the World Health Organization to protect against COVID-19-themed phishing attempts

Unfortunately, it is not the first time that cybercrime has used WHO and Coronavirus to try to distribute malware. Should you receive such an email, cyber security experts recommend a series of procedures to avoid getting infected with the malicious code. Above all, never open the attachment, even if the sender appears authoritative and certified. Before doing so, you need confirmation from the sender. In addition, the Organization has issued an ad hoc alert following the phishing boom linked to COVID-19. The alert underlines that WHO would never ask users to log in to view safety information, nor would it send attachments that were not requested. Furthermore, it suggests not visiting the proposed sites unless they are the official one. Finally, remember that WHO does not ask for direct donations for appeals or emergency response plans, nor does it offer prizes via email.
