SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Scammers using Bitcoin, sextortion to take advantage of Coronavirus fears
Fri, 20th Mar 2020
FYI, this story is more than a year old

Scammers are using the COVID-19 outbreak to target victims in a variety of ways, looking to take advantage of the crisis gripping the world.

Sophos has been tracking cybercriminals taking advantage of the situation, and says they are adapting and updating attack methods as real-time news unfolds.

A bogus email impersonating a charity with the World Health Organisation logo is requesting Bitcoin with wallet ID.

Chester Wisniewski, principal research scientist, Sophos says as people's fear and desire to do something about COVID-19 is dominating the news, it is also being exploited in every way by online criminals.

"First, Sophos noticed phishing attackers using the World Health Organization (WHO) as a lure. Next, numerous malware gangs began to disguise their malicious wares as COVID-19-themed documents. Now today, we are seeing cyberattackers impersonating WHO charities, this time the COVID-19 Solidarity Response Fund.

"These emails are fake, but very real looking and take advantage of new and until recently unheard of charitable organisations.," he says.

"The tell-tale clue is the request for Bitcoin, rather than credit cards or other currency. Due to the ability to trace and stop real wire transfers and credit cards, criminals prefer to rely on crypto-currencies to attempt to preserve their anonymity and freedom and the Bitcoin payment request seen here is a sign that something isn't right about this email," says Wisniewski.

"We haven't seen the novel nature of this attack before - impersonating charities around COVID-19."

Wisniewski says  any time the public's interest becomes fixated on a topic, scammers, spammers and malware authors latch on to the news and are determined to find a way to exploit the opportunity.

"We've seen this type of activity in the past, but rarely is the whole world so focused on one thing, making this chance to develop scams a little too good to be true for cybercriminals," he says.

He says almost all types of malicious online activity Sophos typically observes right now has in one way or another taken advantage of a COVID-19/Corona theme.

"There are limitless quantities of spams pitching expensive guaranteed Corona-proof masks, videos on how to construct your bunker and other "guides" to keeping your business or family safe. We have also seen common email-borne malware families like Fareit and Trickbot sending Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO) themed malicious emails. The latest? Spams purporting to be from charities affiliated with the World Health Organization (WHO) asking for Bitcoin donations to assist those on the front lines fighting this outbreak. Whether you trust your government or not, criminals are emailing you to exploit your fear or distrust," says Wisniewski.

"Let's be clear. If you want advice from those who truly know what is happening, visit the website of your local health authority or ministry of health. Make a bookmark in your browser for the *real* WHO website at, and if you really want to make a financial contribution to those helping us stay safe in this fight, don't send Bitcoin, but go to the official website for the COVID-19 Solidarity Response Fund."
Sophos has also released a detailed article about an Android malware uses coronavirus for sextortion and ransomware combo.

"Like many other cyberthreats doing the rounds these days, the criminals have used the coronavirus pandemic as a lure, offering an intriguing if rather creepy app called COVID-19 19 TRACKER. The app offers to Track Real-Time Coronavirus Outbreak in your Street, City and State, and says it will Get Real-Time Statistics about Coronavirus outbreaks around you in over 100 countries," the company explains.

"However, if you're keeping your eye out for giveaway mistakes, it actually says outbreak around you, an error both of grammar and spelling.

Unlike most scams that come through via phishing emails, this is a done via an app, and it's important we remain vigilant, especially during difficult times like these."