Hackers Are Using the Coronavirus Panic to Spread Malware

Hackers are posing as the CDC and public health organizations to get people to open virus-laden files.

Hackers are using the public’s fear of the coronavirus to steal passwords and spread malware, according to multiple cybersecurity firms and computer security experts. The setup is usually simple—a malicious actor sends a mark an email or message that appears to come from an official government source, such as the Centers for Disease Control, and gets the mark to click a link that asks for personal info. It’s an old scam updated to prey on people’s coronavirus fears.


“The most prominent coronavirus-themed campaign targeted Japan, distributing emotet…in malicious email attachments feigning to be sent by a Japanese disability welfare service provider,” California-based cyber security company Check Point said in a report. “The emails appear to be reporting where the infection is spreading in several Japanese cities, encouraging the victim to open the document which, if opened, attempts to download emotet on their computer.”

Emotet is a trojan malware program that, once installed, sits on the victim’s computer and gathers personal information. Not every coronavirus-themed campaign requires the user to install software. Many of them are simple phishing attempts with a coronavirus theme.

In a typical example, described in Trustwave's SpiderLabs Blog, a strange email address pretending to come from the CDC will reach out to a victim telling them a city near them has reported a coronavirus outbreak. The email asks the victim to click a link for more info. The link appears to be legitimate but redirects to a phishing website that replicates a Windows login and asks users for their email and password.

The CDC isn’t going to email you a press release about the coronavirus spreading in your state or country. The World Health Organization won’t send you an email with attached documentation explaining what you should do to help stop the spread of the coronavirus. If you receive an email like this, treat it skeptically. Look at the email address it comes from and check the grammar and spelling of the email. If something looks off, report the email as spam.

Computer criminals follow trends. When something is popular in the press, it becomes popular in the malware community. Ahead of the release of Star Wars: The Rise of Skywalker, spammers hid malware and phishing attempts in links to leaked copies of the movie. But the links never went to the film, and the coronavirus emails don’t contain useful information about the virus.

It’s best to be vigilant out there. “Be mindful of the content of the email [and] what it wants you to do or access,” Trustwave's SpiderLabs said on its blog. “Get reliable news from reliable sources. Don’t rely on unexpected spam, and check the link first before clicking by doing a mouse hover over it.”