Cybersecurity firm says criminals are preying on coronavirus fears to spread malware

An American cybersecurity company says criminal groups are exploiting fears over the new coronavirus to try to attack the global shipping industry.

Criminals are using emails purportedly about the coronavirus to exploit a Microsoft Word vulnerability

Cybersecurity firm Proofpoint says criminals have been exploiting a vulnerability in Microsoft Word to spread malware since at least 2016. But fears over the coronavirus have provided a new approach for criminals to trick users. (Martchan/Shutterstock)

California-based Proofpoint says it has detected a new email campaign that uses Microsoft Word attachments designed to trick recipients into installing a type of malware known as AZORult, malicious software that can steal sensitive information from a user's computer.

Proofpoint says criminals have been exploiting a vulnerability in Word to spread AZORult and other malware since at least 2016, including for downloading ransomware that can lock victims out of their systems unless they pay. However, there is currently no evidence that ransomware has been used in this latest scam. 

The company says the new email scam takes advantage of concerns about the virus, which has sickened more than 37,000 people worldwide. 

This screengrab provided by Proofpoint shows what the malware looks like. (Proofpoint)

"Its use in this campaign likely points to its proven effectiveness in other attacks and the attacker's belief that the industries they're targeting are slow to deploy patches," Proofpoint said.

It says the attackers seem to be sophisticated and have targeted industries that are susceptible to shipping disruptions, including manufacturing, industrial, finance, transportation, pharmaceutical and cosmetic companies.

Proofpoint advises workers to exercise caution when presented with coronavirus-themed email messages and attachments, as well as links and websites that could be used by criminals as lures.

The hackers appear to be operating out of Russia or somewhere in Eastern Europe, Proofpoint said.

"All emails with Coronavirus-themes and attachments should be treated with caution, even if they don't appear to be directly health related."

With files from CBC News