An electronic attack exploits the fear of "corona" to inflict casualties

Information security experts revealed a large-scale cyber security attack of the kind known as "phishing" attacks, aimed at exploiting the current state of fear and caution from the "Corona virus", to inflict as much as possible from the users of computers and smartphones, and planted millions of software and malicious codes on their devices To control it remotely and steal their sensitive data, especially the financial and banking statements.

Experts warned against emails appearing issued by the World Health Organization, or the American Center for Disease Control, talking in one way or another about the "Corona" virus, how to protect from it, and those who can be contacted during emergencies, and call to donate to combat it, stressing the importance of Ignore such messages completely, as they are only one of the hundreds of thousands of scam messages, which professional groups of hackers and cyber criminals in the world have finally launched.

This came in a statement on the official page of the unit known as "The Force X" of "IBM" company specialized in combating cybercrime, in conjunction with the publication of a detailed report on the new attack on the official blog of the company "Kaspersky" specialized in information security. The two sides confirmed the outbreak of the attack a few days ago, and the arrival of these fraudulent messages to tens of thousands of users around the world.

Two fake links

Experts «IBM» and «Kaspersky» that this large-scale attack launched from Japan, through groups of pirates tried to spread malware through e-mail messages containing a set of real active links about the virus «Corona», with two active fake links, where The first link leads to an alleged entity under the name "Management System to Coordinate the Response of Local and International Public Health", the letters claim that it was created by the American Center for Disease Control, to receive notifications of the disease, as well as obtain instructions, methods of prevention, treatment, and others. They added that the other active spoofing link comes under the name of "a new case report about the city", as the messages claim that it is affiliated with the World Health Organization, and is dedicated to identifying the rates of disease spread, and whether new infections have appeared in it around or near the city in which they live. With the recipient of the message.

Exploit

The experts continued: It turned out that the two active links refer those who click on them to one of the pages of the outlook electronic messaging programs, and it shows the official email address of the World Health Organization and the American Center for Disease Control «CDC», noting that this page Require their login information.

They reported that after entering the data, the follow-up key appears, for the purpose of composing the message, but instead all the information that is entered is transferred to the hackers and attackers, and at the same time the malicious programs hidden in the phishing messages are downloaded to their computers, so that all of that is used for access To the victim's e-mail account legally, and then the rest of the attack begins, from data burglary, computer infiltration, control, and use of stolen data to access financial and bank accounts.

The Deception of Bitcoin

Researcher Maria Kaselski, a member of the "Kaspersky Security" team, said that some fake phishing messages, urging people to donate to the American Center for Disease Control to support the fight against the virus, using the cryptocurrency "Bitcoin", where these messages claimed to be coming from the e-mail The official center of the center is "cdc-gov.org", while the true address of the center is "cdc.gov". She added that with this simple trick that some may not notice, the hackers get the financial data of the donor, as well as his electronic account data, and some will be fooled by this message, even though the CDC does not take donations, and certainly will not receive Bitcoin payments.

Deceptive messages

Kacelski noted that the booby-trapped campaign also included letters showing the official WHO logo, backed by correct, real and concise information about safety measures, but she asked victims to click on a link that would take them to a page containing more detailed suggestions on how to protect themselves from a virus. Corona.

Malware

Analyzes of information security experts at "IBM" revealed that the new attack includes the transmission of dangerous malware from the category of Trojans on the computers of the victims, called "Inet Tate", a dangerous strain of malware that appeared six years ago and was destructively effective In attacking the networks and websites of governments and financial institutions.

Experts have found that cyber criminals send e-mail messages loaded with this malicious software, under the guise of being part of a disabled care service provider in Japan, where these messages claim that there are reports of corona virus patients in Japan, urging victims to read an attached document from A "Word" file contains malware.