According to a new report, hackers are taking advantage of the Coronavirus pandemic. In the report published by Check Point Research, threat actors are exploiting the outbreak and spreading their own infections by registering malicious Coronavirus-related domains and selling discounted malware on the dark web.

"Special offers by different hackers promoting their 'goods' — usually malicious malware or exploit tools — are being sold over the darknet under special offers with 'COVID19' or 'coronavirus' as discount codes, targeting wannabe cyber-attackers," the cybersecurity firm said.

Since the beginning of the year, there has been a significant rise in malicious Coronavirus-related domains that have been registered.

"In the past three weeks alone (since the end of February 2020), we have noticed a huge increase in the number of domains registered — the average number of new domains is almost 10 times more than the average number found in previous weeks," the researchers said. "0.8 percent of these domains were found to be malicious (93 websites), and another 19 percent were found to be suspicious (more than 2,200 websites)."

Some of the malicious tools that were made available for purchase at a discounted rate includes “WinDefender bypass” and “Build to bypass email and chrome security.”  Hacker group “SSHacker” is even offering a service of hacking into Facebook accounts.

Some of the latest are cyberattacks against hospitals and testing centers. Attacks such as phishing campaigns that distribute malware via links and attachments execute malware and ransomware with the intent to profit off of the pandemic.  Some of these attacks include:

• APT36, a Pakistani state-sponsored threat actor was discovered to be using Coronavirus-themed baits that masqueraded as health advisories to deploy the Crimson Remote Administration Tool on systems they targeted

• A malware campaign launched by North Korean hackers used booby-trapped documents that outlined South Korea’s response to the Coronavirus pandemic as a lure to infect machines with BabyShark Malware. Researchers from IssueMakersLab uncovered this malware

• A Coronavirus-themed malspam campaign that targeted several different industries including the manufacturing, finance and pharmaceutical industries via Microsoft Word documents. These documents that also attacked the industrial, transportation and cosmetic industries exploited a two-plus year old bug in Equation Editor to install AZORult malware

• A fake android app called “COVID19 Tracker”, posing as a “real-time” coronavirus tracking app, was found to abuse user permissions so that it can change the phone’s lock screen password and install ransomware for a $100 bitcoin ransom

• A phishing attack that targeted university staff and students with emails that would redirect them to a fake Office 365 login page in an effort to try to steal their Office 365 credentials

• Comment spamming attacks on websites that seemed as if they were redirecting users to a Coronavirus information website, when in reality they were being redirected to a drug-selling business

• Spam emails that would aim to trick recipients into pay for masks, when in reality nothing would be sent.

These attacks are feeding off people’s fears around COVID-19 and their need for information. It’s important to practice safe habits online to avoid falling victim to these online threats.  Such practices include:

• Ensuring secure remote access technologies are in place.

• Use multi-factor authentication

• Ensure all devices have the same level of security that a company-owned device would have if you’re using a personal device from home

• Be wary of emails and files from unknown sources – check a sender’s email address for authenticity.

• Don’t click on suspicious links or unknown attachments

• Avoid emails that ask for sensitive data

• Use trusted sources such as legitimate government websites for all fact-based information about COVID-19 such as the CDC or WHO.

Story via The Hacker News