Opportunistic cyber criminals are leveraging the COVID-19 situation to conduct malicious cyber activities through means such as emails or messages that entice users to open malicious attachments by offering more information related to the COVID-19 situation.
The malicious files in these emails or messages could be masked under the guise of links, pdf, mp4 or docx files with link or file names that are associated with the COVID-19 situation, such as how to protect yourself from the virus, updates on the threat or virus detection procedures. These files could host a range of threats from Trojans to worms which are capable of destroying, blocking, modifying or copying data, as well as interfering with the operation of computers or computer networks, when users click on the links or open the attachments.
In particular, there have been reports of an active Emotet malspam campaign in Japan where cyber criminals sent emails which were disguised as official notifications from disability welfare service providers and public health centres. These emails claimed to provide details on the preventive measures against the virus, in order to entice potential victims to open the malicious attachments in the emails. For more information on how the Emotet malware works, please refer to our previous advisory here https://www.csa.gov.sg/singcert/advisories/emotet-malware-campaign-2019
Due to the heightened concern about the situation, it is likely that there will be more of such threat actors who will ride on the situation to conduct their malicious cyber activities. Users are reminded not to click on links or open attachments found in suspicious-looking emails or messages. Users should also refer to official sources such as the Ministry of Health (MOH) website for the latest information on the COVID-19 situation.