Hackers are using the fear of COVID-2019 coronavirus disease, trying to trick both citizens, business owners and their employees into downloading keylogging malware that steals valuable information from victims’ PC and mobile devices.
Hackers use the hook of the virus to capture the attention of potential victims, with links to statistics, safety measures, possible cures and vaccines that lure them to click and unknowingly download the spyware. According to researchers, the spread of a file named “CoronaVirusSafetyMeasures_pdf,” is most likely being delivered in the form of email attachments, which is actually a RAT dropper (remote access trojan) that acts as a keylogger, registering all key presses. The data gathered by the malware is sent to a command and control (C&C) server, at an IP address from a US hosting provider that’s been around since 2012.
The World Health Organization name and logo along with news on the outbreak is also being used as a lure in phishing campaigns designed to plant a new variant of a keylogger that dates back to 2016. HawkEye is a keylogger and credential-stealing malware that is usually spread through fraudulent emails and malicious Microsoft Word, Excel, PowerPoint, and RTF files. The keylogger is able to log keystrokes, capture screenshots, and send stolen data to its operators through encrypted email.
Keyloggers are difficult to detect because many are polymorphic and have the ability to change their form and remain undetected by antivirus (zero-day). ACS EndpointLock keystroke encryption software encrypts your PC and mobile keystrokes and blocks keyloggers from stealing your private information.