Thousands of websites use COVID-19 to scam and distribute malware created every day

In the middle of the global COVID-19 pandemic, malicious hackers sought to automate but the unprecedented scale of the corona virus-related scam.

According to numerous reports, cybercriminals are constantly creating and publishing thousands of websites related to corona virus every day.

Most of these websites are used as a "springboard" for phishing attacks, distributing malware-containing files, or financial scams, enticing users to pay for drugs, vaccines, and counterfeit COVID-19 supplements.

The situation is worse than ever

Although a number of email fraud campaigns related to the corona virus started to appear in early February, now is the time when everything is at its peak.

Malware development groups regularly use corona virus-related emails to trick users into downloading malware, and even government hacker groups are catching up, adopting similar tactics. The situation is so complicated that the UK National Cyber ​​Security Center (NCSC) sent a security alert on Monday to inform the rise of phishing campaigns related to viruses. corona.

But just as the pandemic corona virus pandemic slowly spread from a few original countries, the world is getting more and more interested in this topic nowadays.

That gives cyber criminals a unique opportunity to trick users into downloading and installing malware, or shopping for fake products.

Over the past week, many security researchers have noticed a spike in the number of domains associated with the corona virus, with the number of attacks increasing with the spread of the disease.

From dozens every day in February, there are now thousands of new domain names appearing every day, including phrases like coronavirus, covid, pandemic, virus, or vaccines.

A security researcher with the nickname DustyFresh began tracking some of those domains last week. According to the list the researcher shared online, cyber criminals created more than 3,600 new domain names containing the phrase "coronavirus" from March 14 to March 18.

Some of them are legitimate websites, but the vast majority are domain names used for the purpose of phishing, spreading malware, or scams, selling vaccines and complementary foods.

But DustyFresh has only scanned new domains containing the term coronavirus. If you extend the scanning range to other terms such as covid, pandemic, virus, or vaccine, the results are even greater.

And that's exactly what the intelligence technology company RiskIQ was last week. The company is posting new lists of malicious domain names associated with the corona virus every day, and the numbers on the list are sure to surprise you.

For example, RiskIQ found that there were more than 13,500 suspicious domain names on Sunday, March 15; The following day, this number increased to more than 35,000; and the following day more than 17,000.

The ZDNet news site spent two days learning about some of the random domain names among them. They found a number of legitimate websites, but 9 out of 10 were fraudulent websites that lured viewers into buying fake drugs, or personal websites, mainly used to spread malware to light users. Click on the link in the email for example.

You can see for yourself that new domain names are being created faster than ever before in a website created by security researcher @sshell_, based on real-time information provided by RiskIQ.

Mobile users are also targeted

Phishing campaigns and malware distribution related to corona virus are not just aimed at desktop users. Mobile users are also affected.

Lukas Stefanko, a mobile malware analyst for ESET, is also monitoring every corona virus-related malware targeting Android users day by day. And according to this researcher's blog post, which is updated every day, the number of malware is enormous.

Among the campaigns aimed at Android users, there is a strain of ransomware with the ability to lock a user's device after they accidentally install a corona virus tracking application. Fortunately, Stefanko has discovered an unlock code that allows users to regain control of their smartphone without paying the required ransom. If you have installed the "Coronavirus Tracker" application and have your phone locked, use the code "4865083501" to unlock it.

In the coming months, malware and phishing campaigns will continue to increase and of course they will focus on taking advantage of the COVID-19 pandemic - because as mentioned earlier, hackers will not let one Global scale tragedy passed a waste!

Reference: ZDNet