Nasty Trickbot malware exploits people’s Coronavirus fears
Italian email addresses targeted
Malicious hackers are using people’s fear of the Coronavirus to spread malware, known as Trickbot, by emailing an official-looking message that claims to contain a document listing some helpful precautions. Instead, it contains an infected Word document.
The email has been sent to Italian email addresses. Italy has been one of the most affected countries by Coronavirus, and the spam emails are preying on its residents’ understandable concern about the disease.
- Coronavirus malware scams return with a venegeance
- Apple shuts all Chinese stores due to coronavirus
- Cisco offers free Webex licenses to deal with coronavirus
The emails contain the subject line “coronavirus: informazioni importanti su precauzioni” and claim to be sent by “Dr. Penelope Marchetti”.
It then goes on to warn, in Italian, that “due to the fact that cases of coronavirus infection are documented in your area, the World Health Organization has prepared a document that includes all necessary precautions against coronavirus infection. We strongly recommend that you read the document attached to this message!”.
Malware-infested document
If recipients open the Word document, the document tries to run a macro, which is a programmable series of inputs in a program. Usually, macros can be used to make shortcuts for more complex commands in certain programs, but attackers can use macros to run malicious programs and code.
According to security firm Sophos, which detected the threat, when the Word document is opened, a VBA macro file (vbaProject.bin), and several Word-related XML files are placed on the victim’s hard drive, and these connect to a PHP script on a remote server, which passes information about the PC, and downloads a malicious virus onto it.
If a user has macros disabled in Microsoft Word, then a message is displayed asking the victim to enable editing and enable content because “this document was created in an earlier version of Microsoft Office Word.” If the victim follows these steps, it allows the malicious code to be run.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
As Sophos points out, this malware has been doing the rounds before, but used spam emails that tried to trick people into opening the document, as it had information about credit cards or loans.
Unfortunately, the malicious users have realized that preying on people’s Coronavirus fears is a more effective way to trick people into opening the document.
Even though the emails are targeting Italians, it’s likely people in other countries could be targeted as Coronovirus spreads.
Stay safe
To make sure you don’t fall victim to this scam, or a similar one, there are certain precautions you should take.
First of all, never open an unsolicited email from someone you don’t recognise, and especially do not open any attachments to those emails.
If you are concerned about Coronavirus, visit official websites of organisations such as The World Health Organization. Official government correspondence will never be via unsolicited emails, and they will never ask you to open an attachment (especially a Word document) for important information.
- These are the best antivirus apps to help protect you online
Matt is TechRadar's Managing Editor for Core Tech, looking after computing and mobile technology. Having written for a number of publications such as PC Plus, PC Format, T3 and Linux Format, there's no aspect of technology that Matt isn't passionate about, especially computing and PC gaming. He’s personally reviewed and used most of the laptops in our best laptops guide - and since joining TechRadar in 2014, he's reviewed over 250 laptops and computing accessories personally.