
The surge of fake COVID-19 test results, vaccines and vaccination certificates on the Dark Web

Threat actors are offering fake COVID-19 test results and vaccination certificates on black markets and hacking forums on the Dark Web.

While vaccination campaigns proceed at different speeds in many countries, multiple threat actors on the Dark Web have started offering fake COVID-19 test results and vaccination certificates.

Multiple research teams, including mine, are monitoring these specific criminal activities in the principal cybercrime communities.

Users are searching for these types of documents to travel between countries with restrictions in place or simply to get a new job. With such high demand, criminal organizations are offering a broad range of products.

Researchers from CheckPoint recently discovered fake ‘vaccine passport’ certificates on sale for $250, while fake negative COVID-19 test results go for just $25.

The researchers warn that Darknet advertisements for COVID-19 vaccines surged in the past three months by over 300%.

We already alerted the authorities of a worrisome increase in the offer of vaccines for sale. AstraZeneca, Sputnik, SINOPHARM and Johnson & Johnson could be acquired on the dark web for a price ranging between $500 and $1000 per dose.

“As we previously reported, a range of counterfeit coronavirus vaccines are offered, often touted from just $500 per dose. In recent weeks our researchers have spotted an increasing amount of advertisements for vaccines within Darknet markets: currently numbering over 1,200, with sellers based in the U.S. and European countries including Spain, Germany, France and Russia,” reported CheckPoint. “This represents over a 300% increase since January 2021. The vaccines advertised include Oxford – AstraZeneca (at $500), Johnson & Johnson ($600), the Russian Sputnik vaccine ($600) and the Chinese SINOPHARM vaccine (at $750).”

Curiously, I can confirm that prices also depended on the news shared by the media about the alleged side effects of some vaccines. Shortly after the suspension of the AstraZeneca vaccine in some countries, its price dropped in some hacking communities, from $800 down to $400, while at the same time, with the approval by the US FDA of the Johnson & Johnson single-dose vaccine, its price rose to $600-$800.

Below are a couple of images shared by CheckPoint researchers.

How much does a fake vaccination certificate cost?

Multiple threat actors are offering fake vaccination certificates, and some of them claim that the documents were issued by legitimate healthcare institutions. CheckPoint researchers have found a fake certificate from Russia that is offered at $135, while a seller from the UK was offering a vaccination card for $150.

Researchers from threat intelligence firm Cyble also observed multiple sellers on cybercrime forums advertising COVID-19 vaccination certificates with deliveries available for specified Russian cities. A certificate for Russian citizens goes for 6000 rubles, or approx. 79 USD.

Experts also reported the availability of COVID-19 tests on sale. In many cases, the sellers were offering a special discount to clients who buy more than 2 documents.

“In addition to the Darknet and hacking forums, we’ve also spotted different websites that offer the ability to quickly create authentic-looking negative COVID test documents, created promptly according to data input by users, in a very friendly user interface, for just $25,” continues CheckPoint. “Results are produced within 30 minutes and are sent discreetly to users’ email inbox.”

Below is a list of tips shared by the experts to avoid buying fake documents:

  • People should watch for authenticity indicators on documents such as misspellings, errors, low-quality logos, and errors in terminology (e.g. ‘corona disease’ or ‘the covid epidemic’).
  • Every country should internally manage a central repository of tests and vaccinated people, which can be securely shared between relevant authorized bodies within the country.
  • All data on tests and the vaccinated population should be digitally signed with encrypted keys.
  • Airports, border keepers and any official enforcement agent should have the ability to scan a QR or bar code (which is digitally signed – without this digital signature the code is highly exploitable!) on the certificate. The code should link to a secured repository that can validate the authenticity of the paper and whether the person named on it did get the vaccine or was actually tested for COVID and got a (negative) result.
  • Going forward, countries should be able to share the digitally signed data to enable certificate holders to safely roam and cross borders. For example, Greece and Israel have already agreed to recognize each other’s vaccination certificates (also known as ‘green passports’).
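
The signed-code check from the tips above, shown as an added Go example that is not from the article or from CheckPoint. It assumes Ed25519 signatures and a hypothetical `Record` payload with `Issue` and `Verify` helpers; the tips name no algorithm or data format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Record is a hypothetical certificate payload (field names are assumptions).
type Record struct {
	Name   string `json:"name"`
	Kind   string `json:"kind"`   // "vaccination" or "test"
	Result string `json:"result"` // e.g. "negative"
}
var b64 = base64.RawURLEncoding

// Issue signs the serialised record with the authority's private key and
// returns "payload.signature", the text that would be encoded in the QR code.
func Issue(priv ed25519.PrivateKey, r Record) string {
	body, _ := json.Marshal(r) // cannot fail for a struct of strings
	return b64.EncodeToString(body) + "." + b64.EncodeToString(ed25519.Sign(priv, body))
}

// Verify is the scanner side: the signature is checked over the exact payload
// bytes before any field is parsed or trusted.
func Verify(pub ed25519.PublicKey, qr string) (r Record, err error) {
	parts := strings.Split(qr, ".")
	if len(parts) != 2 {
		return r, fmt.Errorf("malformed code")
	}
	body, err1 := b64.DecodeString(parts[0])
	sig, err2 := b64.DecodeString(parts[1])
	if err1 != nil || err2 != nil {
		return r, fmt.Errorf("malformed code")
	}
	if !ed25519.Verify(pub, body, sig) {
		return r, fmt.Errorf("invalid signature: reject")
	}
	err = json.Unmarshal(body, &r)
	return r, err
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	rec, err := Verify(pub, Issue(priv, Record{"Jane Doe", "test", "negative"}))
	fmt.Println(rec, err)
}
```

A scanner that holds only the authority's public key accepts a code only when the signature matches the payload bytes, so an edited name or result, or a code signed with any other key, is rejected before its fields are read.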

Pierluigi Paganini

(SecurityAffairs – hacking, COVID-19 vaccine)
