Coronavirus-themed malware intensifies across the world

Such threats continued to spread in April and are likely to be the new norm, at least until the pandemic subsides, according to Bitdefender.

COVID-19: Security risks are increasing as more people work from home

Cybercriminals have been using the coronavirus outbreak to deploy associated malware designed to tap into the curiosity, concern, and fear about COVID-19. Through virus-themed phishing emails, phony websites, and malicious apps, attackers have had no qualms about exploiting a disease that has killed more than 200,000 people. As the pandemic has spread and intensified around the world so too have the malware campaigns that take advantage of it. In a report published on Thursday, security provider Bitdefender shows how these malicious attacks have grown from one region to another.

SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic Premium) 

In its research entitled "Coronavirus-themed Threat Reports Haven't Flattened The Curve," Bitdefender said that the daily evolution of COVID-themed threats shows a consistent effort on the part of cybercriminals to exploit fear and misinformation about the pandemic to get victims to click on malicious links, open malicious attachments, and even download and install malware.

Coronavirus-themed threats seen during all of March found an overlap between regions affected by the virus and those targeted by associated malware, which is why Europe and the United States East Coast were among the primary targets for the month. During April, these attacks intensified not just throughout Europe but also across the entire US as well as South Africa. This adjustment shows that cybercriminals align their campaigns to follow the virus to hit as many potential victims as possible.

Attackers also direct their campaigns against countries where the pandemic starts trending, according to Bitdefender. In March, the top targeted countries were the US, Italy, the UK, Spain, and South Africa. In April, the order shifted slightly with the top targets being the US, South Africa, Italy, Canada, and the UK.

top-10-countries-march-april-bitdefender.jpg

Image: Bitdefender

Another strategy employed by cybercriminals is to see which areas open up for COVID-19 testing. During March and April, the top states in the US targeted by these malicious campaigns were California, Texas, Florida, New York, and Ohio. That roughly aligns with the total number of new coronavirus tests for each state. The assumption here is that people who get tested for the disease may be more likely to want information on potential treatments and best practices and therefore are more susceptible to scams and malware about the virus.

"The SARS-CoV-2 (COVID-19) global pandemic is not going away any time soon and it's likely that cybercriminals will continue exploiting and leveraging the crisis to their own advantage," Bitdefender said in its report.

"Coronavirus-themed threats will likely continue under the form of spearphishing emails, fraudulent URLs, and event malicious applications, all exploiting fear and misinformation in order to trick victims into unwillingly giving away personal, sensitive or financial information," the report added. "It's likely these campaigns will plateau in time, but as long as the threat of infection with SARS-CoV-2 is real, cybercriminals will keep exploiting the topic, enticing victims with vaccines and miracle cures."

To help you guard against coronavirus-related malware, Bitdefender offers a few quick tips:

  • Don't believe anything you read online and try to check the legitimacy of any information by consulting legitimate sources.
  • Always have a security solution installed on all your devices.
  • Be sure to avoid opening attachments or clicking on links especially if they're unsolicited or from unknown parties.

Also see

View on a medical mask on an open laptop pc.

Image: Getty Images/iStockphoto

By Lance Whitney

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.