Covid-19 scams continue


As shelter-in-place continues, scams around Covid-19 are rampant in the wild. The SonicWall Capture Labs threat research team has observed more scams in recent weeks.

The stimulus checks from the government’s financial aid have started arriving, and so have the spam scams.

Malicious executable files posing as Covid-19 relief packages are being distributed in the wild.

Typical infection cycle.

The malicious executable file makes contact with the attacker’s domain.

It also adds and modifies files, and deletes registry key settings.

People are eager to read any information regarding Covid-19, and some email scams have appealing subjects, as illustrated below.

The Excel attachment is a malicious file. Upon opening, it displays a message asking the user to enable content.

[Screen captured images of third party products or services are intended only to demonstrate the real-world application of the reported malware.]

The file modifies some registry entries.

 

Spammers are also delivering emails with malicious attachments in other languages.


IoCs:


SonicWall Capture Labs provides protection against this threat via the following signatures:

  • Kryptik.Covid.ELN
  • Downloader.COVID_7
  • TrojanDownloader.COVID
  • GAV:Downloader.XLS_12

 
