2020 has been a year like no other we’ve experienced. The year started normally for most of us, but a world away in China, the seeds were being sown for a global pandemic. Meanwhile, in America, feelings surrounding social justice issues were about to boil over into a national movement in cities all across the US. Well, opportunistic hackers have decided to use these movements to capitalize on a citizenry looking for information related to these major 2020 themes.
Hackers are Using Fake COVID-19 and Black Lives Matter Phishing Emails as Bait to Lure Victims
A recent report from security firm Quick Heal Technologies shows that more than 143 million malware threats were detected in computers during the April-June quarter. The month of June alone saw a staggering 64 million cases, which indicated an uptick as summer began. Some experts believe that this new malware spike is related to the opening of businesses as the world began to reopen its economy in the aftermath of COVID. Quick Heal also said that malware was responsible for 38% of the total Android infections during the same quarter, followed by PUP and adware.
According to Quick Heal: “Cybercriminals are taking advantage of COVID-19 pandemic for spreading malware and infecting devices to steal victim’s data.”
Attackers have been sending both fake COVID-19 and Black Lives Matter themed phishing emails, following and capitalizing on the news cycle. Part of the campaign has centered around phony offers of free data or subscriptions, with a malicious link provided as the delivery vehicle.
Quick Heal discovered a series of messages offering free Netflix subscriptions from the domain netflix-usa[.]net. This link opens a page asking the visitor to share a message with ad pop-ups. The message in question was used by attackers to generate traffic for a particular website.
Of all the malware infection types, Trojans, which are designed to mislead regarding their true intent, were responsible for 51% of these attacks.
Quick Heal also saw that the infamous TrickBot strain continues to thrive as a malware distributor. TrickBot is mostly employed as part of a phishing or spam email campaign, which tricks users into downloading the malware’s payload. Recently, several of these campaigns used fake COVID-19 phishing and fake Black Lives Matter information.
Quick Heal also pointed out the emergence of Server Message Block (or SMB) exploits that allow hackers to take control of the victim’s machine remotely and crash any system in the network. SMBGhost, SMBleed and SMBLost are some of the vulnerabilities which have been observed since March 2020.
As always, the motive of these hacking campaigns is to steal data and get sensitive information from victims that can be sold on the Dark Web.