As COVID-19 trends across media globally, this has given cybercriminals an opportunity to leverage from the hype, in turn, scamming individuals & organizations all over the world. Read our latest Cyber Threat Advisory by Kawthar Al Abdullah - Cyber Threat Analyst at CTM360®

1. Severity:
HIGH
C​ORONAVIRUS​ R​ELATED​ S​CAMS
​ B​Y
K​AWTHAR​ A​BDULLA
C​YBER​ T​HREAT​ A​NALYST
Reference: CTM-ADV-0320-1
Date: 23rd March 2020
Category: Scams
THREAT TARGETS:
● All Sectors & Industries
● General Public
POSSIBLE IMPACTS:
● Compromise of financial credentials &
confidential data
● Compromise of user data
● Financial, Reputational and Data loss
TARGET AUDIENCE FOR CIRCULATION:
● Administrators of internet facing
infrastructure services
● IT security team, Management & Staff
Description
As the current pandemic crisis has scaled across the globe, there has already been a surprisingly large number of
cyber crime related incidents. Cybercriminals are using the novel COVID-19 issue as a base for their attacks,
which includes spreading malware through files containing information about Coronavirus, fake news to spread
worldwide fear, panic, and even scams related to masks or cures.
Researchers have found pdfs, mp4s and Docx files camouflaged as documents connected with the virus. The files
are advertised to have some instructions or advice about the virus and even remedies that are completely false.
The malicious files can destroy, block, modify, or copy the data of victims’ machines. Moreover, these threats are
capable of interfering with the operation of computers and their networks.
Following are the names detected for the malicious files:
● Worm.VBS.Dinihou.r
● Worm.Python.Agent.c
● UDS:DangerousBoject.Multi.Generic
● Trojan.WinLNK.Agent. gg
● Trojan.WinLNK.Agent.ew
● HEUR:Trojan.WinLnk.Agent.gen
● HEUR:Trojan.PDF.Badur.b
A recent campaign had been identified, where the attackers target industries such as manufacturing, industrial,
finance, transportation, pharmaceutical and cosmetics.
Copyright ©2020 CTM360® www.ctm360.com 1
#staysafe #‫ﻛﻠﻨﺎ_ﻓﺮﯾﻖ_اﻟﺒﺤﺮﯾﻦ‬

2. Severity:
HIGH
Attackers, in this case, are sending malicious emails to the victims warning them about the impact of the
coronavirus on their respective industries. The emails contain a Word document attachment that will help in
exploiting a Microsoft Office vulnerability discovered back in 2017 which drops AZORult information-stealing
malware.
Coronavirus related scams:
1. Emotet
Coronavirus based malicious emails have been spreading. Based on researchers, the most common
language for these emails is Japanese. Which may indicate that Asia is the most targeted region.
2. Fake news
As Coronavirus spreads, so does fake news. cybercriminals have been leveraging the panic for their own
gain, by manipulating media content.
3. Fake Alerts
The public demand is to be up to date with the latest news on the Coronavirus, however, this opens
doors to scammers sending out fake news alerts that may be phishing emails/websites containing
malware, malicious content and more.
4. Face Mask scams
The growing demand for face masks leads to online shopping scams and financial loses by consumers
5. Phishing scams
Phishing emails having malicious URLs and attachments under the theme of Coronavirus awareness have
also increased.
6. Fake Cures
Scammers are also posting some fake cures and dangerous claims for Coronavirus via Social Media
platforms and blogs.
Recommendation
CTM360 recommends the following tips to help people identify and avoid such campaigns:
1. Be wary of any posts or messages that cause you to feel any strong emotions such as fear, as attackers
use this as a way to attract their victims.
2. Steer clear of opening e-mail and attachments from unknown sources.
3. Ensure not to give any personal or financial information to an unverified contact.
4. Ensure the antivirus and anti-malware on your computer are up to date.
Copyright ©2020 CTM360® www.ctm360.com 2
#staysafe #‫ﻛﻠﻨﺎ_ﻓﺮﯾﻖ_اﻟﺒﺤﺮﯾﻦ‬

3. Severity:
HIGH
5. Avoid downloading .exe or .lnk format documents from untrusted sources.
6. Ignore online offers for vaccinations against coronavirus.
7. Always rely on verified sources with strong reputations for your information and services.
8. If you come across such scams, please email us at ​report@ctm360.com
Organizations should to adhere to the following best practices:
1. Use trusted sources, such as legitimate government websites — for up-to-date, fact-based information
about COVID-19.
2. Organizations should ensure that remote access technologies are configured securely so that employees
can conduct business securely from home, also using multi-factor authentication should be encouraged.
3. Individuals should keep away from using unauthorized personal devices for work, and ensure "personal
devices will need to have the same level of security as a company-owned device, and you will also need
to consider the privacy implications of employee-owned devices connecting to a business network."
4. Watch out for emails and files received from unknown senders. Most importantly, check a sender's email
address for authenticity, don't open unknown attachments or click on suspicious links, and avoid emails
that ask them to share sensitive data such as account passwords or bank information.
NOTE: Organizations can contact us for a Threat Intel Feed on COVID-19 through Cyber Blindspot (CBS),
a product of CTM360.
References:
● https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-
names-and-malicious-domains
● https://www.performanta.com/resources/coronavirus-fears-exploited-by-newly-registered-domains/
● https://cybersecuritynews.com/fake-coronavirus-maps/
● https://gbhackers.com/malware-via-weaponized-coronavirus-lure-documents/
● https://usa.kaspersky.com/blog/coronavirus-used-to-spread-malware-online/20213/
● https://www.securityweek.com/coronavirus-themed-emails-deliver-malware-phishing-scams
Disclaimer
The information contained in this document is meant to provide general guidance and brief information to the intended recipient pertaining to the incident and
recommended action. Therefore, this information is provided "as is" without warranties of any kind, express or implied, including accuracy, timeliness, and
completeness. Consequently, under NO condition shall CTM360®, its related partners, directors, principals, agents or employees be liable for any direct, indirect,
accidental, special, exemplary, punitive, consequential or other damages or claims whatsoever including, but not limited to: loss of data, loss in profits/business,
network disruption…etc., arising out of or in connection with this advisory.
For more information:
Email: monitor@ctm360.com​ ​Tel: (+973) 77 360 360
Copyright ©2020 CTM360® www.ctm360.com 3
#staysafe #‫ﻛﻠﻨﺎ_ﻓﺮﯾﻖ_اﻟﺒﺤﺮﯾﻦ‬