Coronavirus Fake Warning Emails Containing Malware Attachments
Scammers take advantage of every major news event, and especially emergencies, to trick people into opening emails, attachments and websites that
contain malware or lure visitors into giving up confidential information.
The Coronavirus event is no different. And be sure to see this page about scam
coronavirus cures and products.
About the Coronavirus scam emails
Scammers are sending emails that claim to provide information about how to protect yourself against the coronavirus.
The emails contain an attached Word document that contains malware, more specifically, a variety called Emotet.
At first, the scammers are using stolen emails to send messages that claim to be from Japanese health organizations. The emails include
attachments that, according to the spammers, will tell you how to avoid Coronavirus (a.k.a. 2019-nCoV). Of course, by clicking on the attachment,
you infect your computer or device with their malware.
What happens if you click on the attachments?
If you click on the attachment, you will see the standard Emotet Office 365 document template
that asks you to "Enable Content" to properly view the full document. If you do that, the Emotet payload will be installed on the computer or device
using a PowerShell command.
The infected computer will then be used to
- deliver malicious spam messages to others and
- drop other malware strains onto the device, such as the Trickbot info stealer Trojan, known for also delivering ransomware.
This secondary payload will allow the attackers to harvest
user credentials, browser history, and sensitive documents that will be packed and sent to attacker-controlled storage servers.
Right now (February 2020) the scammers are targeting people in Japan, so the emails are written in Japanese. Expect that to quickly morph into
other languages, just like the real world virus morphs.
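Word shows the "Enable Content" prompt described above when a document carries macros or other active content, so an attachment can be checked for macros before anyone opens it. The following Python check is an added example, not part of the original article: the function names and the sample message are constructed for illustration, and legacy binary .doc files are flagged for closer inspection rather than parsed.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary .doc container
WORD_EXTS = (".doc", ".docm", ".docx", ".dot", ".dotm")

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-binary', 'no-macro' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Macros cannot be ruled out here without a full OLE parser.
        return "legacy-binary"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = [n.lower() for n in z.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"
    # OOXML documents keep VBA macros in a part named vbaProject.bin.
    has_vba = any(n.endswith("vbaproject.bin") for n in names)
    return "macro" if has_vba else "no-macro"

def scan_message(raw: bytes) -> dict:
    """Map each Word attachment's filename to its classification."""
    parts = message_from_bytes(raw).walk()
    return {p.get_filename(): classify_attachment(p.get_payload(decode=True))
            for p in parts
            if (p.get_filename() or "").lower().endswith(WORD_EXTS)}

def sample_doc(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like an OOXML document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

def build_sample_email() -> bytes:
    """Constructed sample message with two test attachments."""
    m = EmailMessage()
    m.set_content("See attached.")
    for fname, macro in (("notice.doc", True), ("clean.docx", False)):
        m.add_attachment(sample_doc(macro), maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()
```

The check looks at the file's contents rather than its name, so a macro-bearing document renamed to .doc is still reported as "macro".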
What to do if you opened the attachments in the email
Odds are good that your computer is infected with Emotet.
- Disconnect your computer from the internet (unplug the cable connecting it to your router, or if it is connected wirelessly, click on
the wifi connection icon and disconnect it).
- Close any email applications. You want to avoid spreading the virus while you eliminate it. Some viruses can still act in the background, but
this will help a bit.
- Buy a copy of Malwarebytes. You can order it at right and get a DVD copy; or, if your device does not have a DVD drive, connect the computer
to the internet, and order and download Malwarebytes.
- Install Malwarebytes and run a full scan and clean. You may need to connect to the internet again for it to download upgrades; that's
OK.
- Once Malwarebytes is done, you should be fine!
How to avoid Coronavirus scams
- Don't click on links from sources you don't know. It could download a virus onto your computer or device.
- Keep the anti-malware and anti-virus software on your computer up to date.
- For real advice about the human coronavirus, how to avoid it and treatments for it, see this page.
- Ignore online claims of cures, prevention and vaccinations. If you see ads touting prevention, treatment, or cure claims
for the Coronavirus, ask yourself: if there's been a medical breakthrough, would you really be hearing about it for the first time through an ad
or sales pitch?
- Be careful with charities and donations, whether through charities or crowdfunding sites. Don't let anyone rush you into
making a donation. If someone wants donations in cash, by gift card, or by wiring money, don't do it.
- Watch out for scam "investment opportunities." The U.S. Securities and Exchange Commission (SEC) is warning people
about online promotions, including on social media, claiming that the products or services of publicly-traded companies can prevent, detect, or
cure coronavirus and that the stock of these companies will dramatically increase in value as a result.