Like any kind of “smuggled” good, malware is encrypted and hidden inside something else before it is distributed through phishing attacks. This is done in an attempt to hide the malicious code and prevent antivirus programs from detecting it.
This kind of “crypting” has been useful against security software that uses a kind of artificial intelligence or machine learning to detect viruses and other malicious programs.
Malware Copies Coronavirus News Stories to Slip Through
The idea of malware using text from news stories is nothing new. It happened back in January when viruses were spotted using text from news stories related to the impeachment trial to confuse antivirus programs.
The malware had to switch to a different news story to get through, and the one the operators appear to have gone with is coverage of the coronavirus epidemic. Samples of Trickbot were found to be using text from a CNN news story in particular. The text was included in the file description of the strain, as shown below:
Copyright: passengers were sent to government quarantine centers
Product: The restrictions will ban travel to the US from 26 European countries
Description: Singapore has 187 confirmed cases of the virus
Original Name: Just because someone who had the coronavirus
Internal Name: Just this week, the Grand Princess cruise ship docked
File Version: 22.214.171.124
Something similar was seen with a strain of Emotet that used text from another news story – also from CNN – for the file information. The interesting thing is that if you were to open the file properties for the file, the information would be displayed there too.
It’s unknown if taking this approach has really paid off for the threat actors or not, but security experts believe that it could work as intended and could be effective against machine learning and AI.
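Because the pasted news text ends up in fields that normally hold a file name, a product name and a copyright line, it can be triaged from the version-info strings alone. The sketch below is an added example, not code from the article or from any security vendor; the mapping of the fields above to StringFileInfo key names, the indicator thresholds and the benign sample are assumptions made for illustration.

```python
import re

# Strings from the Trickbot sample quoted above; mapping the article's labels
# to these StringFileInfo key names is an assumption.
TRICKBOT_SAMPLE = {
    "LegalCopyright": "passengers were sent to government quarantine centers",
    "ProductName": "The restrictions will ban travel to the US from 26 European countries",
    "FileDescription": "Singapore has 187 confirmed cases of the virus",
    "OriginalFilename": "Just because someone who had the coronavirus",
    "InternalName": "Just this week, the Grand Princess cruise ship docked",
}
# Constructed benign metadata for comparison (not from the article).
BENIGN_SAMPLE = {
    "LegalCopyright": "Copyright (C) 2019 Example Corp. All rights reserved.",
    "ProductName": "Example Backup Agent",
    "FileDescription": "Example Backup Agent Service",
    "OriginalFilename": "backupagent.exe",
    "InternalName": "backupagent",
}

EXT_RE = re.compile(r"\.(exe|dll|sys|ocx|scr|cpl|mui)$", re.I)
COPYRIGHT_RE = re.compile(r"copyright|\(c\)|©|\b(19|20)\d{2}\b", re.I)

def words(text):
    return re.findall(r"[A-Za-z']+", text)

def prose_indicators(info):
    """Return the reasons this metadata reads like pasted prose."""
    reasons = []
    orig = info.get("OriginalFilename", "").strip()
    if orig and not EXT_RE.search(orig):
        reasons.append("OriginalFilename has no executable extension")
    for key in ("OriginalFilename", "InternalName"):
        if len(words(info.get(key, ""))) >= 4:  # illustrative threshold
            reasons.append(f"{key} is a multi-word phrase")
    legal = info.get("LegalCopyright", "")
    if legal and not COPYRIGHT_RE.search(legal):
        reasons.append("LegalCopyright has no copyright marker or year")
    product = {w.lower() for w in words(info.get("ProductName", "")) if len(w) > 3}
    descr = {w.lower() for w in words(info.get("FileDescription", "")) if len(w) > 3}
    if product and not product & descr:
        reasons.append("ProductName and FileDescription share no terms")
    return reasons

def looks_like_pasted_prose(info, threshold=3):
    # Several weak indicators together are needed; one alone is common in benign files.
    return len(prose_indicators(info)) >= threshold
```

A hit is a triage signal to combine with signing status and other telemetry, not a verdict, since legitimate software sometimes ships sparse or unusual version information.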
The idea of using news and information about Coronavirus (COVID-19) with a malware attack is nothing new. This kind of approach has only increased since the virus became a full pandemic that spread across the world. There are now many ransomware and phishing scams that are using the virus outbreak as the focal point of their attack.
The advice for avoiding ransomware remains the same as it ever was though, no matter what method threat actors use. Always be wary about any emails you receive, especially unsolicited ones, and avoid using dodgy websites and you should be okay.
Keep your body (and computer) safe from viruses by practicing good hygiene (and digital hygiene).