Scammers Are Selling ‘Blood and Saliva From a Coronavirus Survivor’ on the Dark Web

The pandemic has provided a huge new opportunity for hackers, scammers, and criminals to target frightened and vulnerable people.
Frank Rumpenhorst/picture-alliance/dpa/AP Images

The ad on Own Shop, a dark web market, claims the vendor has been infected by coronavirus and is now selling their blood and saliva, which in theory could be immune to the virus and used to treat other coronavirus patients.

“I do this to provide for my family financially,” the post states, under the $1,000 price tag.

The hoax post is part of a huge surge in COVID-19-related scams on deep and dark web markets where criminals seek to exploit public fear by offering products that could allegedly serve as virus tests or vaccines.


Other items on sale include rapid COVID-19 test kits, temperature detectors, and even a purported coronavirus vaccine.

“The limited availability of coronavirus testing — especially in countries like the United States — leads to demand for such products in black markets,” a report from global intelligence firm IntSights published on Tuesday morning said. “In all likelihood, however, these ‘products’ are in no way real, and buyers would be scammed out of their money.”

Hackers, cybercriminals, scammers, and state-sponsored groups are all taking full advantage of the global coronavirus pandemic to gain a foothold inside secure government networks, and trick people into handing over their money, buying fake items, and disclosing personal information.

One of the most popular tactics for cybercriminals is to register websites using names like “corona” or “covid” to trick victims into thinking they are official domains.

According to data gathered by IntSights, there's been an exponential rise in the number of domains registered using these terms. In the whole of 2019, only 190 domains were registered using the words “corona” and “covid.” In January of 2020 alone, that number was over 1,400, and during February, it soared to over 5,000 before topping 38,000 in March.

While some of the sites are legitimate, many are being used by criminals to lure unsuspecting victims to hand over their personal information or even their money.


Ransomware groups are also using coronavirus to try to force people into paying money to unlock their computers.

One ransomware sample observed by IntSights included a question-and-answer document that explained what the hackers could do if the ransom wasn’t paid.

“If I want, I could even infect your whole family with the coronavirus, reveal all your secrets. There are countless things I could do,” the hacker wrote.

While it may seem obvious to most people that this is a hollow threat, it will work on some.

“These types of fear tactics work on a vulnerable population of people during a frightening pandemic,” the report says. “Threat actors use these fear tactics because they work. We have also observed similar psychological tactics used in sextortion scams, in which the threat actor tells the victim that he has access to the victim’s camera or photos with evidence of wrongdoing.”

Hackers are also trying to take advantage of people’s desire for information during the pandemic by hiding malware inside documents designed to look like official safety measures from the likes of the Chinese Ministry of Health.

Another gang is distributing a malicious version of the Johns Hopkins Coronavirus Map that so many people rely on for updates on deaths and infections around the world.

While some hackers are targeting vulnerable individuals as part of their campaigns, others are going after critical institutions and infrastructure during the pandemic, including hospitals and health organizations.


The World Health Organization last week said that cyberattacks against it had doubled since the coronavirus outbreak began, and it’s not alone in being targeted.

“Hackers are relentlessly targeting healthcare networks, endpoints, and Internet of Things devices in hopes to make [money],” the report said. “Ransomware is still running rampant in the industry, shutting down entire hospitals and disabling life-saving medical devices.”

Cover: IT security scientists train in the "Cyber Range" room of the new "Athene" cyber security centre on how infiltrated blackmail programs ("ransomware") can be rendered harmless. 04 December 2019, Hessen, Darmstadt. (Frank Rumpenhorst/picture-alliance/dpa/AP Images)