Security News

Covid-19 scams continue

By

As the shelter -in-place continues, the scams around Covid-19 are rampant in the wild. SonicWall Capture Labs threat research team observed more scams in recent weeks.

The stimulus checks from government’s financial aid  have started arriving, and so have the spam scams.

Malicious executable file posing as Covid-19 relief packages are being distributed in the wild.

Typical infection cycle.

The malicious executable file makes contact with attacker’s domain

It also adds and modifies files, and deletes registry key settings.

People are eager to read any information regarding Covid-19, some email scams have appealing subjects as illustrated below.

The excel attachment is a malicious file. Upon opening it gives a message to enable content.

[Screen captured images of third party products or services are intended only to demonstrate the real-world application of the reported malware.]

The file modifies some registry entries.

 

Spammers are also delivering emails with malicious attachments in other languages.

[Screen captured images of third party products or services are intended only to demonstrate the real-world application of the reported malware.]

IoCs:

7ab96517f6852c124c82edf441496b2f005b11a4d1feb92f9cbfa2a2bffd1acb

604fca601eff958a55336ea836bf0fa3c52f73daec387143b1b03f5ff64758b7

6b084f7f1ca3d991ffea3f8b5b1fa3d45d8f5fe8dcf7242209d353749b3f3ed9

604fca601eff958a55336ea836bf0fa3c52f73daec387143b1b03f5ff64758b7

b66a6021b7fe7a66a448a868a46495eed8e98945cd0c75232599173f4407994e

kiencuonghotel.vn

SonicWall Capture Labs provides protection against this threat via the following signatures:

  • Kryptik.Covid.ELN
  • Downloader.COVID_7
  • TrojanDownloader.COVID
  • GAV:Downloader.XLS_12

 

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Thanksgiving Holiday and Shopping Season Are Coming (Nov 21, 2016)
Steam - Rust Trainer, DGA & Miner Found
Most exploited vulnerabilities in this month
2019 SonicWall Cyber Threat Report: Unmasking Threats That Target Enterprises, Governments & SMBs
Microsoft Word Zero Day(CVE-2014-1761) Exploit Analysis (Apr 4, 2014)
WebLogic Node Manager Command Execution (Jan 27, 2010)
SSRF, vRealize Operations Manager API
New Waledac Trojan (Jan 23, 2009)