How Cybercriminals Profit from the COVID-19 Pandemic: Top 7 Methods
Since the very beginning of the COVID-19 pandemic, cybercriminals have been trying to cash in on the situation. While some of these malicious campaigns have already been covered, here we’ll summarize and examine all the main ways the coronavirus topic is being exploited online today.
Introduction
Most often, cybercriminals use the panic surrounding COVID-19 to infect computers and mobile devices with malware. Various scams are also common, with the main goal of tricking victims into handing over their money.
Unfortunately, these methods are often effective, as the attack surface is rapidly changing and expanding—organizations are forced to quickly move online, exposing their systems to cyber threats.
Most modern attacks leverage the fear that comes with the spread of COVID-19. By fueling their campaigns with misinformation and fake posts, attackers successfully trick inattentive users into downloading malicious software and mobile apps.
While money is the primary motivation, some COVID-19-related operations also lay the groundwork for cyber espionage.
COVID-19-Related Cyber Threats
As Rob Lefferts, Vice President of Microsoft 365 Security, recently stated:
“Every country in the world has faced at least one cyberattack exploiting the COVID-19 theme.”
However, according to Microsoft, “coronavirus attacks” make up less than 2% of all daily attacks analyzed by the company. It’s important to note that there haven’t been any fundamentally new or original attacks—criminals have simply adapted their old, proven schemes to the pandemic theme. Let’s look at the most popular ways COVID-19 is being exploited for cybercrime.
1. Malicious Mobile Apps
Cybercriminals know how attached we are to our mobile devices, so they target them—especially under the cover of COVID-19. For example, researchers at Check Point identified at least 16 different mobile apps that promised up-to-date information about the virus, but instead delivered malware to users’ devices.
Among these malicious apps were the Hiddad adware and the Cerberus banking trojan, which steals personal data and money. Experts also found a malicious “dialer” app disguised as a COVID-19 information source.
All 16 apps were hosted on newly created domains related to the coronavirus. The number of such sites has skyrocketed in recent weeks.
2. Phishing Emails
Email phishing makes it even easier to spread fear-based disinformation. All it takes is a catchy subject line and a promise of urgent information.
In these campaigns, cybercriminals typically disguise malware as attachments. According to Group-IB, most COVID-19-themed phishing emails contain the AgentTesla spyware (45%), followed by NetWire (30%) and LokiBot (8%).
This allows attackers to easily collect personal and payment data from unsuspecting victims.
From February 13 to April 1, 2020, most malicious emails were disguised as notifications from the World Health Organization (WHO). Google analysts have noted a sharp increase in such emails.
3. Discounts on Malware Sold on Hacker Forums
Not only have cybersecurity vendors offered crisis deals to protect remote workers, but cybercriminals have also slashed prices on their products.
Researchers found over 500 posts on hacker forums where criminals offered discounts and promo codes for DDoS attacks, spam campaigns, and similar services.
Notably, creators of exploit kits offered their tools with promo codes like “COVID19” or “coronavirus”.
4. SMS Phishing (Smishing)
The U.S. Cybersecurity and Infrastructure Security Agency and the UK’s National Cyber Security Centre recently warned about a wave of SMS messages sent under the sender names “COVID” or “UKGOV”. These messages contained links to phishing sites.
Criminals didn’t stop at SMS—they also used popular messengers like WhatsApp, Telegram, and Skype for their campaigns.
5. Scams Involving Medical Masks and Sanitizers
Europol recently arrested a 39-year-old Singaporean who sent offers on behalf of a legitimate company, promising fast delivery of medical masks and hand sanitizers.
As a result, a European pharmaceutical company lost €6.64 million. Neither the masks nor the sanitizers were delivered, and the supplier disappeared.
6. Malware Spread via Video Conferencing Services
Cybercriminals have taken advantage of the surge in video conferencing to spread malware, especially targeting platforms like Zoom and Microsoft Teams.
Typically, users receive phishing emails with files named like “zoom-us-zoom_##########.exe” or “microsoft-teams_V#mu#D_##########.exe”.
Unwary users may download and run these files, infecting their computers with malware.
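A mail filter can check attachment names against the two file name templates quoted above. The following is an added example, not code from the original article: it assumes each “#” stands for exactly one letter or digit, and the sample message is constructed for illustration.

```python
import re
from email import message_from_string

# Templates quoted in the article; '#' is ASSUMED to mean one letter or digit.
LURE_TEMPLATES = [
    "zoom-us-zoom_##########.exe",
    "microsoft-teams_V#mu#D_##########.exe",
]

def template_to_regex(template: str) -> re.Pattern:
    """Escape the literal parts and turn each '#' into [0-9A-Za-z]."""
    parts = ("[0-9A-Za-z]" if ch == "#" else re.escape(ch) for ch in template)
    return re.compile("".join(parts), re.IGNORECASE)

LURE_PATTERNS = [template_to_regex(t) for t in LURE_TEMPLATES]

def basename(name: str) -> str:
    """Drop any directory part and surrounding whitespace from a file name."""
    return re.split(r"[\\/]", name)[-1].strip()

def flag_attachments(raw_message: str) -> list[str]:
    """Return attachment names in a MIME message that match a lure template."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and any(p.fullmatch(basename(filename)) for p in LURE_PATTERNS):
            hits.append(basename(filename))
    return hits

# Constructed sample message (not a real email): one lure name, one benign name.
SAMPLE_EMAIL = """\
Subject: Your meeting installer
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Zoom-us-zoom_1234567890.exe"

placeholder
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="agenda.pdf"

placeholder
--b1--
"""

if __name__ == "__main__":
    print(flag_attachments(SAMPLE_EMAIL))
```

Matching is case-insensitive and anchored to the whole file name, so a legitimately named installer or a name with a different number of placeholder characters is not flagged.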
7. Ransomware Attacks
Interpol has warned about ransomware operations targeting medical institutions, which are already under immense pressure due to the pandemic.
Ransomware operators hold healthcare facilities digitally hostage, blocking critical files until a ransom is paid.
Conclusion
To protect yourself from pandemic-related scams, be especially cautious with every link you receive via email or messaging apps.
Also, always password-protect your video conferences to prevent unwanted intrusions.
We recommend checking the latest lists of known malicious websites and email addresses to stay informed and safe.