With COVID-19 continuing to spread, the majority, if not at all of us, are now staying indoors as much as possible. And with companies changing their operations to an online model with remote working, cyber-security is more important than ever.
Evidently, COVID-19 is not the only virus that is spreading at the moment.
With the constant stream of updates and guidelines from government, health care officials and brands alike regarding COVID-19, it has become increasingly difficult to distinguish between true facts and false information as scammers and hackers are now impersonating trusted figureheads from these authoritative institutions.
In fact, just last week, trusted names and brands like Tupperware and the World Health Organisation have been attacked by cybercriminals who have hacked personal devices and corporate networks to steal important data.
To combat this, the anti-malware software, Malwarebytes, has detected several COVID-19 related scams and is now calling on all Australians to be vigilant, practice cybersecurity, and understand the types of scams that they are likely to receive in order to protect their data and personal information safe and secure.
The most recent threats discovered by the Malwarebytes Labs team, include:
- Web skimming campaign targeting Tupperware: A targeted cyberattack against household brand Tupperware and its associated websites that is still currently active, where threat actors compromised the official site. Malicious code is housed within an image file that activates a fraudulent payment form during the checkout process.
- Fake “Corona Antivirus”:Malwarebytes found a website advertising “Corona Antivirus – World’s best protection”, that was infact trying to get consumers to install a digital antivirus that supposedly protects against the actual COVID-19 virus. Upon installing the application, the computer will be infected with BlackNET RAT malware, turning your computer into a bot ready to receive commands.
- World Health Organisation impersonation: Malwarebytes discovered a phishing campaign impersonating the World Health Organisation (WHO) promising the latest on coronavirus, with an attachment containing malware upon being opened. In this particular campaign, threat actors use a fake e-book as a lure, claiming the ‘My Health E-book’ includes complete research on the global pandemic, as well as guidance on how to protect children and businesses – tempting information in this uncertain time. Once the e-book is downloaded, malware is installed onto the endpoint.
In order to avoid being scammed by these cybercriminals, follow Malwarebytes’ top tips:
- Be alert that scams exist and remain weary of any urgent emails or text messages coming through from unknown contacts. Checking to ensure correct spelling and grammar within the message is a first step in understanding whether it is a real official message, or a scam.
- Express caution when opening attachments to further information, as these can be primary containers of malware
- Install anti-malware software, such as Malwarebytes, to remediate and protect data should a scam occur and malware infiltrate your device