As the world grapples with the coronavirus pandemic, hackers are said to be using infection-related emails as the anchor for a new phishing campaign. A coronavirus-themed attack seeks to steal victims' personal information, including cryptocurrency wallets, web browser details for login information, IP addresses, and more. Discovered by BleepingComputer, the email is designed to appear as if it was sent by a nearby hospital and informs users that they have come into contact with a person infected with Covid-19 who could be a colleague, friend or family member.
Virus attack
The email asks the user to print an attachment "EmergencyContact.xlsm" and go to an emergency clinic for tests. The attached file, once downloaded, opens as an Excel file and warns users to activate the content. However, once the content is activated, macros embedded in the Excel file begin downloading, installing, and running malware. This malware can remain hidden by many forms of antivirus software, before tracking down and stealing personal information such as:- Cryptocurrency wallets
- Browser cookies that contain saved connection information
- Local IP address and other related information
- Change network settings and allow file sharing over the Internet
- List all programs installed on the system