The coronavirus 2019 (COVID-19) scam onslaught continues. Per Threatpost, digital attackers ramped up their activity over Q1 2020 to the extent that they were sending approximately 1.5 million coronavirus-themed attack emails by the middle of April. How can we then be surprised by ZDNet’s reporting that the number of digital crime reports received by the FBI had quadrupled in number, with many of these disclosed attacks featuring COVID-19 as a theme?

The above-mentioned statics demonstrate how important it is to stay on top of the latest COVID-19 scam attempts. We at the State of Security couldn’t agree more. With that said, let’s look at some of the latest ruses that have made headlines.

The Annoying Mess that is CoronaLocker

In the middle of April, security researcher Max Kersten learned that his friend had suffered an infection at the hands of a program called “wifihacker.exe.” The researcher took a look and found that the malware extracted VBS files and a batch file once installed. It then used these resources to create an annoying screenlocker that informed victims that they had suffered a coronavirus infection.

The CoronaLocker screenlocker at work. (Source: Bleeping Computer)

Bleeping Computer found that users could type in “vb” into the screenlocker prompt to regain access to their desktop. The only problem is that this “CoronaLocker” malware already created several Registry keys to hide the Desktop icons, disable the Start menu and prevent other tools from working properly.

The exact means of distribution wasn’t known at the time of writing, but the computer self-help site named malicious YouTube videos or Discord as likely culprits.

Give It a Rest, Trickbot!

Like all other security research teams, Microsoft’s Security Intelligence has been analyzing the growing number of digital attacks that are exploiting the ongoing pandemic to target (Read more...)