July 6, 2020
Watch out for Sick Behavior Masquerading as Coronavirus

Cybercriminals see the pandemic as a huge business opportunity.

Food supply services and Netflix are not the only ones benefiting from the coronavirus outbreak. It has also been a windfall for cybercriminals who want to take advantage of the fear and confusion that COVID-19 has caused. Photon, the research arm of my company, is deeply immersed in the dark, cybernetic world of those whose job it is to abuse others online through fraud, extortion, scams and theft. Here are some of the things we've found and ways to reduce the threat:

Shitty demands

As early as January, e-mails with false alerts about the health risks of COVID-19 started circulating in Japan. They used the coronavirus panic as a threat in an e-mail campaign. Recipients were informed of the rapid spread of the virus and instructed to download the attached message, which allegedly contained preventive measures. When downloaded, it installed Emotet, a type of malware used for ransom, but also for other types of malware that steal user data, browser history and sensitive documents. This information can then be used to send spam to other e-mail accounts.

There have also been other forms of cyber attack, including a denial of service attack on the U.S. Department of Health and Human Services on 15 March, as well as a fraudulent website distributing a new version of a buy-back program called CoronaVirus, which was identified a few days later. Deceptive mobile applications have also emerged. In total we found 376 Android mobile applications related to COVID-19. Many of them turned out to be benign, but others included spyware to collect confidential user data and insisted on dangerous permissions.

We found several applications that requested access to perform account authentication, capture and collect photos, receive packets not directly addressed to the device, make network connections, delete accounts, delete passwords, request authentication tokens and write to the phone's built-in SIM card. Access to a user's contact list is a particularly dangerous permission to grant because, among other things, someone who obtains this information might maliciously impersonate you to someone else on that list.
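The permission review described above can be automated as a first-pass triage. This is an added example, not part of the original article or Photon's tooling. It assumes the app's manifest has already been decoded to text XML, and both the mapping from the article's wording to Android permission names and the review threshold are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission -> behaviour named in the article (mapping is an assumption).
# INTERNET is left out: almost every app requests it, so it carries little signal.
RISKY = {
    "android.permission.AUTHENTICATE_ACCOUNTS": "perform account authentication",
    "android.permission.CAMERA": "capture and collect photos",
    "android.permission.CHANGE_WIFI_MULTICAST_STATE":
        "receive packets not directly addressed to the device",
    "android.permission.MANAGE_ACCOUNTS": "delete accounts and passwords",
    "android.permission.USE_CREDENTIALS": "request authentication tokens",
    "android.permission.READ_CONTACTS": "read the contact list",
}

# Constructed sample manifest (hypothetical package name), not a real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.covidtracker">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission-sdk-23
      android:name="android.permission.CHANGE_WIFI_MULTICAST_STATE"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:  # skip malformed entries without android:name
                names.add(name.strip())
    return names


def triage(manifest_xml, threshold=2):
    """Flag risky permissions; mark for manual review at `threshold` hits."""
    hits = sorted(requested_permissions(manifest_xml).intersection(RISKY))
    return {"flagged": {p: RISKY[p] for p in hits},
            "review": len(hits) >= threshold}


if __name__ == "__main__":
    for perm, why in triage(SAMPLE_MANIFEST)["flagged"].items():
        print(f"{perm}: can {why}")
```

A flagged result is only a prompt for manual review, since benign apps can have legitimate reasons to request any of these permissions.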

We also found a number of download links which claimed to be specific to COVID-19, but which were in fact used for very different applications, some of which were manipulated with malicious files that required many dangerous permissions. The downloaded files contained high-risk software, adware, potentially unwanted programs, contact collection tools, and SMS messaging management functions. One of them, disguised as a legitimate coronavirus application linked to the Johns Hopkins Medical Center, was actually a tool that pulled out photos, media files, camera location and the user's camera while installing spyware management features.

It is important to note that almost all of this malware was downloaded from sources other than Google Play or Apple's App Store, both of which thoroughly test software before hosting it on their sites. Downloading from these trusted app stores provides important protection against malware.

Third party risks

In the rush to prepare for a largely remote workforce in response to the coronavirus, many organisations have enlisted the help of third parties.  This is understandable; external suppliers can help the company maintain a semblance of business continuity in difficult times. However, it also brings with it a new risk of unwanted intrusion.

Sometimes it is the third parties who offer the least resistance to certain intruders. They offer an additional advantage by allowing cybercriminals to go unnoticed and even offer the possibility of attacking multiple target organizations at the same time. Last August, for example, attackers were able to use a third party in 22 cities in Texas to distribute ransomware. In addition, virtual workspaces require increased use of third party online channels, extending the attack potential far beyond the traditional corporate network.

It’s not just a theory; a 2018 study by the Ponemon Institute found that nearly 60 percent of the companies surveyed had experienced data breaches by third parties, while only about one third had even made a full inventory of the third parties their company was working with.


Third party and supplier applications represent three main categories of risk: operational risk, resulting from system failure or malfunction; operational risk, associated with maintenance or supply problems; and compliance risk, which puts the organisation at the crossroads of safety responsibilities or other legal violations. Although these risks do not only exist when third parties are used, their involvement significantly increases the risk potential.

At the same time, there are sensible strategies to minimise and limit these risks.

1. Establish a pandemic response team capable of assessing the risk to third parties.

2. Develop a comprehensive inventory of external suppliers.

3. Analyse the risks of third parties.

4. Check security incidents that may affect your suppliers.

5. Include radiation incidents in third party supervision.

6. Download applications only from trusted sites.

7. Maintain scepticism about application permissions.

8. Make sure the application was created by a legitimate developer.


Alastair Paterson is the CEO and co-founder of Digital Shadows. Alastair has been advising clients and governments of FTSE 100 on the analysis of large amounts of data for risk analysis and exploration for more than ten years. Prior to founding Digital Shadows in 2011, Alastair was responsible for the international offering at BAE Systems Detica, working with customers in the Gulf region, Europe and Australasia. He has a first class Master's degree in Computer Science from the University of Bristol.
