According to security company Proofpoint, threat actors have launched a campaign using an email lure that “stokes conspiracy theory fears” that there is cure for Coronavirus that isn’t being shared.
Proofpoint says the email claims there is a cure being hidden by government entities because the virus is being used as a bioweapon, and it then urges the recipient to receive further information on the “cure” by clicking on the link provided in the email.
Proofpoint says attackers have also expanded their attacks to include credential theft, with its researchers have seen fake Office 365, Adobe, and DocuSign sites meant to steal credentials linked to Coronavirus-themed emails.
“In this latest round of campaigns, Proofpoint says attackers have expanded the malware used in their Coronavirus attacks to include not just Emotet and the AZORult information stealer, but also the AgentTesla Keylogger and the NanoCore RAT -- “all of which can steal personal information, including financial information”.
“Consistent with this level of tailoring and focus on economic concerns, we are also seeing dedicated attacks against construction, education, energy, healthcare, industry, manufacturing, retail, and transportation companies,” said Proofpoint.
“Geographically, in addition to previous targeting against Japan and the United States, we’re also seeing attacks focusing on Australia and Italy, the latter in Italian-language lures,” Proofpoint concludes.