- Cybercriminals and scammers are using coronavirus to scam web users.
- They are targeting vulnerable people claiming to offer Covid-19 vaccine or treatment.
- The aim of cybercriminals in these cases is to install viruses on people’s phones and computers.
Beware of miracle coronavirus cures and testing kits being peddled on the dark web — the vast underground online market. Cybersecurity experts warn that scammers are out preying on panic-stricken people looking for safeguards against Covid-19 across encrypted platforms.
According to a New York-based cyber intelligence firm, IntSights, such "coronavirus-themed phishing lures, malware infections, network intrusions, scams, and disinformation campaigns have become rampant across the clear, deep, and dark web."
Other cybersecurity researchers also point out a spike in Covid-linked suspicious domains. "Dark web is the dirty underbelly of the Internet, where multiple criminal activities, such as narcotics trade, selling off data and other nefarious activities take place, making it extremely difficult to identify the person carrying out trade. As a result, a lot of criminals sell fake 'miracle cures' or other such stuff and vanish as soon as the bitcoins have been transferred to their accounts," Tarun Wig, co-founder of a cyber and data intelligence firm in New Delhi, Innefu Labs, told India Today.
Experts feel that the current atmosphere of fear has given these criminals an ideal climate to carry out fear-mongering and peddle fake medicines as a cure for coronavirus.
Dark Web Market of Covid-19
A recent surge in Covid-related products, templates, and hoaxes on deep and dark web markets has been noticed. According to researchers at IntSights these "sellers seek to exploit public fear by offering products that could allegedly serve as virus tests or vaccines."
There is limited availability of coronavirus testing kits, and people are looking for such products. This trend is high in countries like the USA. The researchers caution that "these products are in no way real, and buyers would be scammed out of their money."
These products include fake Covid-19 detectors and vaccines.
Experts recommend using standard security tools that identify suspicious websites and warn users. The experts advise against using "vulnerable software" which may lead them to traps.
Covid-related threats are not only limited to private players. The exploits of a pandemic are also being used by state-sponsored networks.
A threat actor called APT36 was recently observed "spreading a malicious office document spoofed
to look like it came from Indian government websites."
The program is designed to give an impression of a health advisory in Microsoft office file related to coronavirus. Its victims face the risk of installing a "Crimson RAT payload" into their system in the process.
Other suspected state-sponsored targeting campaigns are associated with China, Russia and North Korea, researchers observed.
Threat actors "MUSTANG PANDA" and "VICIOUS PANDA" were linked to Chinese campaigns, whereas a malware strain named "BabyShark" was linked with North Korean campaigns earlier in February. A suspected Russian state-sponsored hacking group known as "Hades" also reportedly targeted Ukraine, which used Covid-19 as a lure.