Menlo has detected an increase in the number of phishing attacks that are associated with coronavirus. From February 25 to March 25, the volume of attacks in the United States increased 32 times. The surge in activity occurred on March 11, when the World Health Organization (WHO) declared the virus a pandemic since then the number of letters has been increasing daily.
Researchers have found that in recent letters cybercriminals use various strategies – for example, embedding in PDF files and SaaS services. In one example given by Menlo, an attacker wrote a letter about salary reductions to key employees of the company and stole their personal data.
Researchers also noted that spyware turned out to be the most popular attachments in letters, with backdoors taking the second place. The most common spyware programs are AgentTesla, NetWire, and LokiBot.
Thus, hackers can view any information about the system, upload and download files, and manage the device. In addition, they can download saved passwords and bank card information.