COVID-19 Phishing Update: Workplace Concerns Exploited to Distribute Malware

In recent efforts to deliver attacks that abuse the novel coronavirus, threat actors are exploiting workplace concerns about outbreak prevention and shipment delays. Below are two examples sent with the intent of delivering malware. 

We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic. 

2020-04-08 - Payload Other - INC1805551 - Preparing business and employers work environment for a coronavirus COVID-19 outbreak prevention
The first example uses tactics resembling an ongoing malspam campaign where Excel documents are the primary means of infecting computers with Zloader. The intent is for Zloader to download the banking trojan ZeuS. 

The sender comes from the burner email [email protected].


2020-04-08 - Payload Other - INC1804096 - Your Shipment AWB 3357647591

The second lure spoofs a global logistics company to deliver Nanocore, a remote access trojan (RAT), via attachment. The sender address is

Email links to: http://gbud.webd[dot]pl/images/COVID-19-04-01-2020.IMG

File hash: SHA256: 7b2adf1c8ff725d7dd61b0fdc3ef9e6e3a8bd1b744fd209290a1bf65f9b9acb4

Organizations are being strongly encouraged to overshare information that might safeguard employees during the pandemic. As a result, individuals are primed to expect changes as they relate to their companies. Threat actors need only repackage the messaging associated with past lures to conform with company concerns in a time of coronavirus. 

For more intelligence on COVID-19 threats, see our ongoing coverage.

*** This is a Security Bloggers Network syndicated blog from The PhishLabs Blog authored by Jessica Ellis. Read the original post at: