Phishing emails, trojans and spam in the age of the coronavirus

Phishing emails, trojans and spam are now spreading over the Internet. Experts estimate that more than three percent of coronavirus websites that have been created since the beginning of the year contain malicious content, EURACTIV Slovakia reports.

The Slovakian cybersecurity firm ESET have recently warned that fraudulent messages “are trying to lure money or to infect users´ devices”. Criminals often use known or trusted senders and are acting, for example, on behalf of the World Health Organization (WHO).

“In recent days, we’ve seen several email campaigns that exploit this disease. Most of these reports circulate abroad. However, it is only a question of when these malicious emails will arrive in Slovakia,” warns Ondrej Kubovič, a digital security specialist at ESET.

According to the largest Slovak security company, messages or malicious websites are based on content that “evokes strong emotions in victims”, such as fear or panic. “Under its influence, the victim is more likely to click on a dangerous link or download a malicious attachment to his or her device,” ESET warns.

Media has already reported that the well-known interactive map of Johns Hopkins University, which monitors the progress of the new coronavirus spread, has been targeted. The hackers created a page that resembles an original, but they use it to retrieve user names, passwords, credit card numbers, and other sensitive information stored in the browser.

Attackers can use such information for many other operations, such as selling them on the web, gaining access to bank accounts, or social media. Malware was discovered by security researcher Shai Alfasi of Reason Labs .

Cybersecurity expert Heino Geversa has stressed that since the beginning of the year, more than four thousand pages containing the word ‘corona’ have been registered in the network, up to three percent of which have been reported as harmful, and another five percent have suspicious content.

“Unfortunately, if you click on any of the links, you’re exposed to malware designed to steal credentials, card numbers, sensitive browsing data. It then sends it to a command and control server where they can activate it.” the expert said in a popular podcast.

The case of Czech Brno University Hospital, where a computer virus paralyzed both systems and operation, has already created a large public awareness in Central Europe  . In addition, the malware, that got into system via coronavirus map, suspended testing for COVID-19, endangering other patients, health professionals and infected individuals for several days.

ESET adds that coronavirus-related spam, which contains malicious code known as Fareit, is currently spreading throughout the Czech Republic. Similarly, it retrieves passwords stored in Internet browsers from the infected device.

Increased numbers of fake messages, especially malicious emails, SMS, calls, and instructions for downloading applications, have also appeared in other countries. On Monday (March 16), Paris warned citizens about the increased risks in this area, calling for prudence on the internet in view of the increased number of people who use their work computers at home for now.

In dire times, Rome has also been threatened by cyber-attacks. Sophos security researchers have identified a Trojan horse that targeted specific Italian email addresses. Phishing messages were delivered with a document that was to contain advice from the WHO on how to prevent infection. In fact, however in the attachment., users found the Trickbot malware, a modular banking Trojan horse,

ESET has also recorded a fraudulent page with articles on coronavirus in South America. A portal was supposed to contain a video from the construction of a new hospital in China. However, in an attempt to download it, the victim installed bank malware to their device.

Personal data are being stolen from Internet users in Slovakia as well. In the latest case recorded, ESET has reported fake online stores with both head masks and thermometers.

“Attackers have even placed fake user reviews to increase their credibility. The order form which requires to fill in their name, address, and contact information is located at the bottom of each subpage and is not encrypted. In addition to fraudsters, personal information can also be captured by other attackers,” the company said. The website has identical Slovak and Czech versions.

The EU Cyber Security Agency ENISA also warns against phishing emails. At a time of more frequent remote working, it recommends “not mix work and leisure activities on the same device” as far as possible and also to be “particularly careful with any mails referencing to the coronavirus”.

In cyberspace, the most common forms of misleading messages remain, which in times of pandemics spread on social networks many times faster than the virus itself. Platforms are currently on alert as they have promised a more proactive approach.

According to, representatives of the largest tech companies met with Vice-President of the European Commission Věra Jourová in early March. They discussed ways to stop the flow of online hoaxes about a pandemic outbreak. The meeting was attended by representatives of Google, Facebook, Twitter, Microsoft and the Association of European Digital Media (EDiMA).

“All participants confirmed that they are recording various types of misinformation or false information and have taken a number of measures to address them,” Jourova said in a statement. False reports include, in particular, recommendations for false medicines and treatments, many of which jeopardize the immunity or even vital signs of the population (such as drinking alcohol or even bleach).

The platforms have therefore agreed with the Commission to promote, in particular, the resources of authorities and national or international authorities, “to remove prohibited or harmful content” and to protect consumers from “misleading advertising,” Jourová added.

In this context, the European Court of Auditors started yesterday (17 March) an evaluation of the EU’s resilience to fake news.

“Any attempt at harmful and deliberate distortion and manipulation of public opinion may pose a serious threat to the Union itself,” said the audit lead, Baudilio Tomé Muguruza, ECA member, in a press release.

[Edited by Samuel Stolton]

Subscribe to our newsletters