Scam alert: Now hackers are using coronavirus panic to spread malware


Ever "innovative" cyber-criminals have not waited long to try and exploit the coronavirus for their own gain - instead, they're using widespread panic to spread a different kind of virus.

Coronavirus scams exploit people's concerns for their health and safety in an attempt to pressure them into being tricked, according to Tatyana Scherbakova, security researcher at global cybersecurity company Kaspersky. 

The company has already detected emails offering products such as masks or fake offerings of vaccines, which in fact lead to phishing websites.

Already, 2 673 cybercrime attempts have been detected involving fake coronavirus solutions, and the distribution of 513 unique scam files. The latest ones detected purport to be from the World Health Organisation (WHO).

"Cybercriminals recognise the important role WHO has in providing trustworthy information about the coronavirus. Users receive emails allegedly from the WHO, which supposedly offer information about safety measures to be taken to avoid infection," says Scherbakova.


"Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals. This scam looks more realistic than other examples we have seen lately."

The Kaspersky researchers have detected malicious pdf, mp4 and docx files masquerading as items relating to the coronavirus. The names of the files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures.

"We would encourage companies to be particularly vigilant at this time and ensure employees who are working at home exercise caution," says David Emm, principal security researcher at Kaspersky.


If you are an individual, Kaspersky advises that you carefully study the content of emails you receive and only trust reliable sources. Do not download files with an .exe extention.

If you are a business, provide a VPN (a private network that uses a public network) for staff to connect securely to the corporate network.

All corporate devices – including mobiles and laptops – should be protected with appropriate security software.

International cloud-based email management company Mimecast says it too is tracking emails of cyber criminals trying to capitalise on the virus by attempting malicious email attacks.

"There are currently multiple malicious emails circulating to unsuspecting end-users via business and personal email. Cybercriminals exploit these uncertain times by masking malicious activity behind seemingly innocent and helpful communication," the company warns.

"Businesses and consumers need to take extra care during times of uncertainty to only open trusted emails and take care not to click on malicious links."

* Compiled by Carin Smith

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
Subscribe to News24
Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot