COVID-19 vaccine: beware of phishing

Have you received a strange e-mail about COVID-19, offering you various ways to buy, under the counter, a vaccine currently in distribution? Think twice before clicking on any link. In addition to trying to sell fake COVID-19 drugs and vaccines, hackers are using the latest news as bait for their phishing campaigns. Threat intelligence analysts have warned that cybercriminals are taking advantage of developments in the COVID vaccine distribution campaign to launch insidious malspam campaigns.

The threats

What threats are we talking about? These phishing campaigns carry a myriad of malicious files. One we have singled out is an .EXE file named “Download_Covid 19 New approved vaccines.23.07.2020.exe” which, once clicked, installs an InfoStealer capable of obtaining information such as logins, usernames and passwords from the user’s computer, allowing attackers to take control of the victim's social and non-social accounts.

Another recent e-mail campaign uses the subject “pfizer’s Covid vaccine: 11 things you need to know” and carries a malicious executable file called “Covid-19 vaccine brief summary”, which was later found to be the AgentTesla malware. AgentTesla is an advanced RAT that functions as a keylogger and information stealer: it can monitor and collect input from the victim’s keyboard or system clipboard, take screenshots, and extract the credentials of a variety of software installed on the machine, including, for example, Google Chrome, Mozilla Firefox and Microsoft Outlook.

Analysts expect these vaccine-related campaigns to be just the first of many that will target both organizations and individuals in the coming months as vaccine distribution gains momentum around the world. For more information on keyloggers, infostealers and other spyware, check out our blog.

Threat analysis

The attacks have been attributed to hackers supported by state entities and to criminal groups. In other cases, the attackers are groups of cybercriminals who try to deceive companies and internet users by offering counterfeit drugs and vaccines, which makes them a serious danger to health as well. Pharmaceutical companies are the main target at this stage. Microsoft said in a recent report that it has noticed attempts by Russian and North Korean hackers to steal valuable data from leading pharmaceutical companies and vaccine researchers. The American business giant said that most of the attacks in recent months were unsuccessful, but did not provide information on how many of them achieved their goal or on the severity of those breaches.

Conclusions and how to defend against threats

These threats are particularly subtle and very sophisticated, as they play on the fear triggered in recent months by the pandemic. We share some tips that could help limit the damage of these criminal campaigns:
  • Check the complete e-mail address of each message received, as well as any links, which may contain misspellings of the real domain name.
  • Beware of lookalike domains: misspellings in e-mails or websites, and unknown senders.
  • Protect mobile browsing and endpoints with advanced cybersecurity solutions that block browsing to known or unknown malicious phishing websites.
  • Never provide login credentials or personal information in response to a message or e-mail.
  • Always keep all software and applications up to date.
  • Remember that phishing attacks commonly use psychological techniques to induce haste, even inventing authoritative-sounding requirements, to convince their targets to ignore their suspicions about an e-mail and to click on a link or open an attachment.
Beware!
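
The first two tips can be automated at the mail gateway or in a triage script. The following is an added example, not part of the original article: it flags a sender domain that is a near miss of a trusted one and any executable attachment. The trusted domain `pharma.example`, the lookalike `pharrna.example`, the extension list and the edit-distance threshold of 2 are assumptions chosen for illustration; the attachment name is the one quoted in the article.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumptions: domains you really correspond with, extensions you block.
TRUSTED_DOMAINS = {"pharma.example"}
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".js", ".vbs", ".bat")

def edit_distance(a, b):
    """Levenshtein distance using a single dynamic-programming row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None."""
    domain = domain.lower()
    near = [t for t in sorted(TRUSTED_DOMAINS) if edit_distance(domain, t) <= 2]
    return near[0] if near and domain not in TRUSTED_DOMAINS else None

def triage(raw_message):
    """Return the reasons, if any, to treat a message as suspicious."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2]
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} resembles {imitated}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(EXECUTABLE_EXTS):
            findings.append(f"executable attachment: {name}")
    return findings

def sample_message():
    """Constructed sample; only the attachment name comes from the article."""
    m = EmailMessage()
    m["From"] = "Vaccine Desk <news@pharrna.example>"  # 'rn' imitates 'm'
    m.set_content("Details in the attached file.")
    m.add_attachment(b"not a real binary", maintype="application", subtype="octet-stream",
                     filename="Download_Covid 19 New approved vaccines.23.07.2020.exe")
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample_message()))
```

A distance threshold catches typos and character swaps but not unrelated domains that merely contain a brand name, so treat an empty result as "no finding", not as proof the message is safe.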