The gang behind the Trickbot malware is at the forefront of attempts to use the ongoing coronavirus crisis to trick computer users into downloading malware onto their devices.
Microsoft's Security Intelligence team said that during last week alone, the operation behind Trickbot sent out hundreds of emails purporting to relate to COVID-19 medical advice and testing, each with the aim of installing Trickbot malware via unique "macro-laced" malicious document attachments inside the message.
One of the most notorious malware families in existence, Trickbot started life as a banking trojan but has been re-purposed to become one of the most advanced and capable forms of delivering malware around today.
This includes the delivery of keyloggers, trojans and ransomware onto compromised computers, as well as the ability to maintain persistence on infected machines. It can also allow hackers to move around infected networks via the EternalBlue vulnerability, as well as operating with botnet-like capabilities to help further the spread of infections.
The latest Trickbot attacks come in the form of phishing emails claiming to be from volunteer and humanitarian groups offering COVID-19 testing. They claim that the victim can get more information about this by downloading an attached document – which in this case is an information-stealer.
Like other recent Trickbot campaigns, the macro waits twenty seconds before downloading the payload in an effort to evade detection or analysis.
As the coronavirus pandemic continues, cyber criminals and state-sponsored hacking operations have increasingly taken to using it as a lure to infiltrate networks or to steal personal information or banking details from individual users – especially as the increase in remote working has potentially left people more open to attacks.
Security bodies including the UK's National Cyber Security Centre (NCSC) and the US Department of Homeland Security (DHS) have warned about the rise in coronavirus-related cyberattacks as well as offering security advice and information on how to detect potentially suspicious emails.
It's also worth remembering that medical groups such as the World Health Organisation won't email individuals out of the blue to offer them a free test, nor will any of these bodies ask users to click on a link to enter bank details or other personal information.
MORE ON CYBERSECURITY
- Coronavirus scams: This is how much people have lost to online fraudsters so far
- Working from home makes you vulnerable to hackers. Here's how to stay safe CNET
- Nasty phishing scams aim to exploit coronavirus fears
- Cyber criminals now recycling standard phishing emails with coronavirus themes TechRepublic
- Roundup: Coronavirus COVID-19 pandemic delivers array of cybersecurity challenges