Fear of the coronavirus infection is being leveraged by cyber criminals for their malicious activities, new research shows. Criminals disguised malware as documents proporting to be for educational purposes.
Kaspersky’s technologies have found malicious pdf, mp4 and docx files disguised as documents relating to the newly discovered Coronavirus. The file names imply that they include virus protection instructions, current threat developments and even virus detection techniques.
In fact, these files contained a number of malware samples, such as Trojans and worms that could damage or encrypt data.
Our malware analyst Anton Ivanov sums it up:
“The corona virus, which is currently hotly debated in the media, has been used as a bait by cybercriminals. So far, we’ve only identified ten unique files, but since this type of activity is common to popular media topics, we expect this number to increase. As people continue to worry about their health, fake documents that are said to educate them about the corona virus may be spreading more and more malware. “
Kaspersky products detect corona virus-related malicious files with the following detection names:
- Worm.VBS.Dinihou.r
- Worm.Python.Agent.c
- UDS: DangerousObject.Multi.Generic
- Trojan.WinLNK.Agent.gg
- Trojan.WinLNK.Agent.ew
- HEUR: Trojan.WinLNK.Agent.gen
- HEUR: Trojan.PDF.Badur.b
Kaspersky recommendations for protection against harmful content:
- Do not click on suspicious links that promise exclusive content, but obtain information from official, trustworthy sources.
- Check file extensions of downloaded files. Documents and video files don’t use the .EXE file format.
- Use a reliable security solution such as Kaspersky Security Cloud to ensure comprehensive protection against a wide range of threats.