Cybercriminals are using the WHO logo in phishing emails that fake coronavirus updates and information in order to steal data and log keystrokes, among other things, from victims’ devices.

One effect of a viral pandemic for which scientists have yet to find a cure is that information about its spread and prevention is considered a top priority.

In a bid to stay ahead of the curve, internet users are clamouring for information that could help them better protect themselves and inform them of the reach of the virus, and cybercriminals are largely exploiting this to gain access to unsuspecting users’ data.

One such ruse going around is a phishing campaign, dubbed MyHealth, that is being used to steal information from users’ devices. Posing as an e-book that claims to contain information beneficial to protecting children and businesses from the virus, the campaign uses the World Health Organization logo to make its emails appear legitimate and persuade users to download the MyHealth e-book, which, once downloaded, introduces FormBook, a Trojan known for stealing information.

One such phishing email going around

The campaign was identified by the cybersecurity company and antivirus developer Malwarebytes, which has since shared its findings with the public, explaining how the campaign works and how the Trojan infiltrates victims’ computer systems to steal information.

While these are trying times, it is imperative that cybersecurity is handled responsibly. Many criminals are going to diversify into more online schemes to make a buck off unsuspecting victims, so stay vigilant. Get your information only from verified sources like the WHO, using their official websites and pages, and avoid downloading anything you cannot trust, even if it bears some resemblance to your favorite sources.

Malwarebytes shared this:

Formbook is one of the most popular info-stealers, thanks to its simplicity and its wide range of capabilities, including swiping content from the Windows clipboard, keylogging, and stealing browser data. Stolen data is sent back to a command and control server maintained by the threat actors.

