14 DAY TRIAL // US Attorney General William Barr has required in a public letter to US attorney offices to launch a nationwide campaign against COVID-19 scams, as a growing number of cybercriminals turn to the current pandemic to find new victims for their malicious purposes.
In many cases, scammers use emails, either for phishing or other activities, related to the coronavirus outbreak in an attempt to trick people into providing their credentials or downloading infected files.
“There have been reports of individuals and businesses selling fake cures for COVID-19 online and engaging in other forms of fraud, reports of phishing emails from entities posing as the World Health Organization or the Centers for Disease Control and Prevention, and reports of malware being inserted onto mobile apps designed to track the spread of the virus,” the AG said.
“The pandemic is dangerous enough without wrongdoers seeking to profit from public panic and this sort of conduct cannot be tolerated. Every U.S. Attorney's Office is thus hereby directed to prioritize the detection, investigation, and prosecution of all criminal conduct related to the current pandemic.”
Hackers trying to exploit the COVID-19 outbreak
The number of coronavirus-themed scams has indeed increased substantially lately, with security company proofpoint warning that it observed a new attempt to spread the malware known as RedLine Stealer using such an email campaign.
“The emails in this campaign abused the Folding@home brand, which is a distributed computing project for disease research, while also asking the recipient to help find a coronavirus cure. This campaign primarily targeted healthcare and manufacturing industries in the United States,” the security company warns.
Once it compromises a device, the malware can steal information like browser logins and passwords, cookies, autocomplete fields, and credit cards. It comes with support for all major browsers, while also collecting data regarding the victim, including IP, country, city username, OS, hardware information, and details about the security software running on the device.