Written by Anthony Carballo
on March 24, 2020

COVID-19 is one of the most important topics around the world right now, and criminals are taking advantage of the current situation. It seems that they don't care how fragile the population is regarding the new coronavirus; they're using it as an opportunity to hack you! Criminals' ingenuity never ends; they are making scams everywhere, from clickbait on fake news to malicious websites for malware download.



We have seen phishing attempts with coronavirus-related subjects, containing malicious attachments. Some of them with names like "list of cases" others come as a disguised link, trying to trick you into going to a malicious site. Cybercriminals are sending these phishing emails intended to look like they're from U.S. health entities. In other cases, they are spoofing the full email address, making it look like it is coming from the World Health Organization (WHO), so it seems more convincing.

There is also another type of phishing which is not sent by email. Social media, like Facebook or WhatsApp, has become another attack vector for hackers to use. We have seen messages over WhatsApp, where they state that the government is giving either money or food to help people fight the pandemic. In the message, there is a malicious link that is disguised as the link you need to enter to get the bonus from the government.


There is malware on mobile applications. For instance, there was an app that already has been banned from the stores (expect more to come) that claimed to contain vital information about COVID-19. However, once you installed it and then opened the same, the app locked your phone, requesting payment to unlock it. Yes, ransomware for cellphones.

There is another recently spotted Malware on mobile applications, it is known as Ginp, this malware is from the family of banking Trojans. Its capabilities include sending all the victim’s contacts to its creators, intercepting text messages, stealing bank card data, and overlaid banking apps with phishing windows so you enter your credentials in the fake screen.

In this case, the mobile app masquerades as a coronavirus finder, like a map, "showing" you the number of people infected with coronavirus near you and urges you to pay a small sum to see the location of those people and who they are. In reality, what they want is to steal your credit card information. It can skim the PlayStore form for entering card data, after you fill it with your information, it goes directly to the cyber criminals.

Malware for computers is the most frequently seen method attackers are using to steal information or get a ransom. Cyber criminals are using this method to spread malware across both private individuals and companies. For instance, there is a new malware variant from the HawkEye family; this malware is being distributed in emails spoofing the WHO.

The email has an attachment with the malware which deploys a keylogger and info-stealer. When the attachment is opened, there's an executable inside the archive, which is already the first sign of a typical malicious file. One thing worth mentioning is that the attackers put some effort into hiding their real intentions. The malicious executable, in this case, is named Coronavirus Disease (Covid-19) CURE.exe

This keylogger can log keystrokes, steal credentials, capture screenshots, and send stolen data to the adversaries.


Cyber criminals take advantage of the crisis, and how vulnerable people become during this time, it is unbelievable how threat actors play with the fears and hopes of the people. Our recommendations are simple.

  • Be skeptical, don't trust everything.
  • Think twice when you see a link, or an attachment from a strange email or message on your social media, even if it's one of your friends who sent it.
  • Don't trust mobile applications that claim to provide COVID-19 information or maps; there are good and trusted sources of information that provide the appropriate information related to the matter.
  • Trust only sources of information that you know have been reliable all the time. Fake news used to create more panic and, on some occasions, are either clickbait or aim to steal information.

We know during a crisis, things can be tough, and people try to get the most information they can, anxiety sometimes wins over common sense. We feel the duty to help people and organizations. This is why we are offering our tool-free for individuals so you can stay at home and keep your work going securely.

Let Us Know What You Thought about this Post.

Put your Comment Below.

You may also like:

Cybersecurity Awareness Vulnerability Threat Hunting PowerShell

Analísis de la necesidad de registrar eventos de PowerShell.

Amedida que continuamos desarrollando CyberEasy, nuestro equipo de ingeniería agregó muchas características para habilit...

Cybersecurity Awareness Vulnerability Threat Hunting PowerShell

The need for PowerShell logging and further analysis.

As we continue to develop CyberEasy, our engineering team added a lot of features for enabling, collecting and analyzing...

Phishing Vulnerability

COVID-19 y estafas

COVID-19 es uno de los temas más importantes en todo el mundo en este momento, y los ciberdelincuentes se están aprovech...