Our focus is mainly to offer software solutions to the customers for their networking needs and data security requirements.

SSG Solutions (P) Ltd.
301, HI-LINE COMPLEX,
ROAD NO. 12, BANJARA HILLS,
HYDERABAD.
TELANGANA - 500034
TELEPHONE: 040-23320189

COVID-19 is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware, and malicious domains. As the number of those afflicted continues to surge by thousands, campaigns that use the disease as a lure likewise increase. Trend Micro researchers are periodically sourcing samples of COVID-19-related malicious campaigns. This report also includes detections from other researchers.

Update as of April 8
Trend Micro Research has continued to find more phishing websites using the terms “coronavirus” or “COVID-19” to trap users. Malicious actors are pretending to be legitimate organizations in an effort to collect valuable personal information.
The following have already been blocked and categorized as phishing sites.

Malicious websites
Researchers reported two websites (antivirus-covid19[.]site and corona-antivirus[.]com) promoting an app that can supposedly protect users from COVID-19. The website antivirus-covid19[.]site, reported via the Malwarebytes blog, is now inaccessible. However, the website corona-antivirus[.]com, reported via the MalwareHunterTeam Twitter account, is still active up to now.
A notable increase in domain names using the word “corona” has also been observed by Bit Discovery. Trend Micro researchers confirmed the following domains as malicious:
|
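
A detection-side sketch of the naming patterns described above, added here as an example and not code from Trend Micro or from this page: it flags hostnames in a DNS or proxy log that contain the lure terms the report names, and goes slightly beyond the text by also flagging hostnames that place a trusted organisation's domain in front of an unrelated registrable domain. The trusted list, the log layout and every `.example` hostname are constructed assumptions.

```python
import re

# Lure terms named in the report: "coronavirus", "COVID-19", "corona".
LURE_RE = re.compile(r"corona|covid[-_]?19")

# Assumption: domains users trust and attackers imitate; extend per environment.
TRUSTED = {"cdc.gov", "who.int"}


def refang(indicator):
    """Turn a defanged indicator (hxxp, [.]) into a bare lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^h(xx|tt)ps?://", "", s)
    host = re.split(r"[/?#]", s, maxsplit=1)[0]
    return host.split("@")[-1].split(":")[0].rstrip(".")


def registrable(host):
    """Naive registrable domain (last two labels). Assumption: a production
    version would consult the Public Suffix List instead."""
    return ".".join(host.split(".")[-2:])


def classify(indicator):
    """Return the reasons a hostname looks like a pandemic-themed lure."""
    host = refang(indicator)
    if registrable(host) in TRUSTED:
        return []  # genuinely under a trusted domain
    reasons = []
    if LURE_RE.search(host):
        reasons.append("lure-keyword")
    for t in sorted(TRUSTED):
        # Trusted name appears only as leading labels of another domain.
        if host.startswith(t + ".") or "." + t + "." in host:
            reasons.append("embedded-trusted-domain:" + t)
    return reasons


# Constructed log lines: timestamp, client IP, requested hostname.
SAMPLE_LOG = [
    "2020-04-08T09:12:01Z 10.0.0.5 www.cdc.gov",
    "2020-04-08T09:12:07Z 10.0.0.5 cdc.gov.secure.portal.lure-host.example",
    "2020-04-08T09:13:44Z 10.0.0.9 covid-19-relief.example",
    "2020-04-08T09:14:02Z 10.0.0.9 intranet.example",
]


def scan(lines):
    """Map each flagged hostname in the log to its list of reasons."""
    hits = {}
    for line in lines:
        reasons = classify(line.split()[-1])
        if reasons:
            hits[refang(line.split()[-1])] = reasons
    return hits
```

Keyword matches are only a triage signal: legitimate health and news sites also use these terms, so hits should be enriched with domain age and reputation before blocking.
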

BEC
A Business Email Compromise (BEC) attack mentioning COVID-19 was reported by Agari Cyber Intelligence Division (ACID). The attack, a continuation of an earlier BEC campaign, came from Ancient Tortoise, a cybercrime group behind multiple BEC cases in the past.

Ransomware
A new ransomware variant called CoronaVirus was spread through a fake Wise Cleaner site, a website that supposedly promoted system optimization, as reported by MalwareHunterTeam. Victims unknowingly download the file WSGSetup.exe from the fake site. The said file acts as a downloader for two types of malware: the CoronaVirus ransomware and a password-stealing trojan named Kpot. This campaign follows the trend of recent ransomware attacks that go beyond encrypting data and steal information as well.

Mobile Threats
A mobile ransomware named CovidLock comes from a malicious Android app that supposedly helps track cases of COVID-19. The ransomware locks the phones of victims, who are given 48 hours to pay US$100 in bitcoin to regain access to their phone. Threats include the deletion of data stored in the phone and the leak of social media account details. A look at their cryptocurrency wallet shows that some victims have already paid the ransom on March 20. The final balance at the time of writing is 0.00018096 BTC.

Browser Apps

https://www.trendmicro.com/vinfo/hk-en/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains