Coronavirus malware scams return with a vengeance


Criminals are exploiting fears over the growing threat of coronavirus to trick users around the world with new online scams, experts have warned.

Research from security firm Proofpoint has found that email attacks using coronavirus as a hook are expanding in number and reach, with victims having personal and financial information stolen.

Some attacks are even spoofing official World Health Organisation (WHO) advice emails in order to make their scams appear more legitimate, with others claiming there is a worldwide conspiracy to hide the cure.

Coronavirus malware

Proofpoint's investigation found a number of distinct scams targeting users worried about the spread of coronavirus, along with dedicated attacks against construction, education, energy, healthcare, industry, manufacturing, retail, and transportation companies.

In one attack, company employees were sent fake internal emails purporting to be from their firm's president giving advice on what to do if affected by coronavirus - but in reality their personal details were being stolen.

Another campaign claims there is a global conspiracy to cover up a cure for coronavirus, with victims told to click a link to find out the cure - but again, their personal details would be stolen through phishing sites.

(Image credit: Proofpoint)

A final campaign (pictured above) uses the WHO logo to spoof official advice emails, tricking users into downloading keylogging malware (AgentTesla) that can record all keys pressed by the victim, potentially giving hackers access to online banking accounts.

The majority of attacks are being detected against Japan and the United States, although Proofpoint also saw large-scale incidents in Australia and Italy.

The company says it will continue to monitor the latest threats and issue advice where possible, with users reminded to "be watchful and exercise caution where Coronavirus-themed emails and websites are concerned."

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.
