Powered by Topple

Another ‘virus’ bearing the coronavirus moniker is causing infections globally


Powered by Topple

Op-ed views and opinions expressed are solely those of the author.

The past few weeks have really changed our world. The outbreak of cases involving the Coronavirus has put most of the civilized work on lockdown and has forced our once-thriving economy into a downward spiral. Who could have thought, as Americans were waking up Christmas morning to Hot Chocolate and presents under the tree, that in a matter of just a few months, a sickness born in Wuhan, China, would have people around the world sitting on the edge of their seats, waiting for the next big break in this story.

As we find ourselves glued to the television, patiently watching what seems to be a never-ending series of press conferences, expert panels and partisan finger-pointing, a new danger has sprung up from the shadiest regions of the so-called dark web. As governments around the world are tied up at the moment looking to find ways to mitigate the damage and human loss associated with the Coronavirus, their laser focus on seeking the answers that can save lives has allowed a window of opportunity for those looking to prey upon the fears of the populous.

Mostly lost in the news cycle was a recent warning from the Cybersecurity & Infrastructure Security Agency (CISA), that the resulting public panic regarding the Coronavirus may provide hackers and other cybercriminals with an opportunity to “send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes.”

The warning was perfectly timed, as the aftermath of the worldwide growth of the Coronavirus pandemic has seen a spike in cases of email phishing campaigns that has tricked innocent victims into downloading malicious software programs after being promised vital information related to COVID-19.

One of the new malware strains born out of this worldwide crisis even bears the name of the pandemic. The CoronaVirus ransomware, also known as, CoronaVi2022 ransomware, operates as a file-locker that encrypts files and has the ability to overwrite the contents of the infected computer’s Master Boot Record (MBR).

The master boot overwrite wreaks havoc on the victim’s system, as the computer loses the ability to load its operating system and the computer screen simply displays a copy of the CoronaVirus Ransomware’s ransom message.

The creators of this new malware have even gone an extra step in designing a website that copies the name of an actual Windows PC utility – WiseCleaner. The bogus site is host to a modified copy of the WiseCleaner software that uploads the CoronaVirus Ransomware as well as KPOT, another malicious program, that collects the victim’s data.

Another new scam that has popped up is suspected to be executed by the Chinese hacking group known as “Vicious Panda.” This scheme involves a phishing campaign that sends out emails that are specifically being delivered to high-value targets in Mongolia. The email includes an attached document that claims to contain critical information regarding the Coronavirus outbreak in Mongolia. What it actually contains is a ‘.RTF’ file programmed to exploit vulnerabilities in Microsoft’s Word Equation Editor.

After the download takes place, the victim is presented with a document designed to look as if it was legitimately created by the Mongolian Ministry of Foreign Affairs. The malware used by Vicious Panda, a strain of the infamous Emotet ransomware, deploys a framework that allows them to later infect the victim’s PC with additional malware. Vicious Panda is also known to hoard data about their victims via screenshots and by gathering information stored in files and directories.

The new CoronaVirus ransomware and other malware strains have the potential to spread rapidly to a citizenry currently spending more time online as they deal with a period of involuntary social distancing and spend more time online. Several infection routes that include fake downloads, pirated software and phishing emails, all offer an opportunity for hackers looking to profit on the hysteria. At a time like this, people need to be extra careful of the websites they interact with as well as unknown websites or content.

The critical next few weeks present a golden opportunity for cybercriminals looking to turn a fast profit on the Coronavirus. This is the time to monitor the online activity of our children, our elderly and even our own, to ensure that we do not fall victim to any of the many new online schemes.

Julio Rivera


Latest Articles