This variant steals sensitive information like bank account details and CVV codes from compromised systems, starting with a phishing email with the attached Word file “COVID-19 stop.zip”.
Prompting the victim to accept editing permissions, this version targets applications such as Google Chrome and Chromium, and confirms that cybercriminals are still going after web apps, with SonicWall’s 2020 Threat Report noting a 52 percent YoY increase in these types of attacks.
Terry Greer-King, VP EMEA at SonicWall said: "The public needs to be hyper aware of the interactions they have online, particularly involving the links and emails they open. Cybercriminals do their utmost to take advantage of trying times by tricking users into opening dangerous files, through what they consider to be trusted sources.
"Users should always double-check sender emails and domain names in their browsers and steer clear of suspicious looking websites that can leave their system vulnerable to phishing attempts. If a sender is not recognised, it is advisable to delete the message immediately.
The best way to stay informed about the latest health news is to follow directives from global health organisations, instead of looking for information from other sources, to avoid becoming vulnerable to well-established techniques and social engineering hacks."