• by Ray Schultz , February 14, 2020

Email scammers have ramped up their efforts to exploit fears about Coronavirus, and are spreading conspiracy theories about purported cures that are being withheld, email security specialist Proofpoint reports in a blog post.   

In addition, the attackers have added new forms of malware, including AgentTesla Keylogger and the NanoCore RAT, expanding beyond Emotet and the AZORult information stealer.

One email claims that government entities are using the virus as a bioweapon and are hiding a cure. The purpose is credential theft.

Another “extremely well-crafted” email directs recipients to a fake Microsoft website, where they are directed to enter credentials. Once that is done, they are redirected to the legitimate World Health Organization (WHO) site, which provides a veneer of credibility. The email targets employees in companies.

Proofpoint adds that attackers abusing the World Health Organization name to “distribute an attachment that will install the AgentTesla Keylogger.” 

The attackers are sending fraudulent emails to manufacturing and shipping firms, using the subject "Coronavirus Update: China Operations." This includes an attachment titled “"Factory Contacts and Office Resumption,” which recipients would be well advised not to open.

Proofpoint has also seen attacks of various types against “construction, education, energy, healthcare, industry, manufacturing, retail, and transportation companies.”

In addition to Japan and the United States, Proofpoint says, various scam attacks are targeting “Australia and Italy, the latter in Italian-language lures.”