Coronavirus-themed attacks April 12 – April 18, 2020

This post includes the details of the Coronavirus-themed attacks launched from April 12 to April 18, 2020.

Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, experts are observing new campaigns on a daily bases.

Below a list of attacks detected this week.

April 14 – Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations.

April 14 – FTC says $12 million were lost due to Coronavirus-related scams

Consumer reports received since January 2020 revealed that that approximately $12 million were lost due to Coronavirus-related scams, FTC says.

April 15 – Coronavirus-themed attack: Experts uncovered flight refund scam

Experts at email security firm Mimecast has uncovered a flight refund scam that attempts to exploit the ongoing COVID19 outbreak.

April 16 – Hunting the COVID19 in the dark web – A month later

At the end of February, I analyzed major black marketplaces searching for anything related to the COVID19 outbreak, a month later things are completely changed.

April 17 – Gmail blocked 18 Million phishing and malware emails using COVID-19 lures in a week

Google says that the Gmail malware scanners have blocked around 18 million phishing and malware emails using COVID-19 lures in just one week.

April 17 – Syria-linked APT group SEA targets Android users with COVID19 lures

Syrian-linked APT group SEA recently used COVID-19-themed lures as part of a long-running surveillance campaign, security researchers warn.

April 18 – Trickbot is the most prolific malware operation using COVID-19 themed lures

TrickBot is the malware that most of all is involved in COVID-19-themed attacks, Microsoft’s Office 365 Advanced Threat Protection (ATP) data reveals.

April 18 – COVID19-themed campaign targets energy sector with PoetRAT

Threat actors employed the previously-undetected PoetRAT Trojan in a COVID19-themed campaign aimed at government and energy sectors.

If you are interested in COVID19-themed attacks from February 1 give a look at the following posts:

https://securityaffairs.co/wordpress/100698/hacking/coronavirus-themed-attacks-march-22-march-28-2020.html

https://securityaffairs.co/wordpress/101463/hacking/coronavirus-themed-attacks-apr-5-apr-11-20.html

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – malware, COVID19)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.