Threat Research

Spearphishing scams disguise malicious files as Covid-19 data

Threat Intelligence Team, 4 June 2020

Growing interest in Covid-19 information leads unsuspecting victims into a trap

It’s been several months since many people began working from their homes due to travel restrictions, health concerns, and social distancing measures. The rise in people working at home presents an ideal opportunity for attackers to gain access to their home networks. 

Attackers are now using spearphishing emails misusing Covid-19 information to do so, most of which is spam. This form of contact can make it easier to mislead victims to download and possibly open malicious documents. 

Taking advantage of everyone’s interest in news related to Covid-19, attackers are finding ways to use sources of Covid-19 information as bait. Below is an example of an email containing a Microsoft Excel Document with coronavirus (Covid-19) data in the U.S. 

When a user enables macros, this malicious document downloads and executes an executable file.

This executable file allows attackers to gain access to the victim's computer.

This is just one of the examples of attackers using the current situation in their favor. They are not limited to Word or Excel files, but also other file types that can be spread through emails.

How to avoid Covid-related spearphishing scams

Even with trusted sources, we should think twice before opening an attachment that contains Excel documents. This is especially true when the document requires the enabling of macros. 

The best way to stay safe is to use common sense, use antivirus software and ignore attachments from untrusted sources.