Scammers are trying to exploit coronavirus concerns to breach companies

Phishing attempts come with a Microsoft Word document that activates a strain of malicious software, AZORult, which allows attackers to make off with sensitive data.

Hackers are preying upon fears about the new coronavirus from China by sending companies malicious emails cloaked as warnings about the economic repercussions that could occur as the illness spreads.

Researchers from the email security firm Proofpoint discovered a series of phishing attempts aimed at businesses in sectors that are particularly vulnerable to a disruption in trade because of the coronavirus, such as manufacturing, transportation and finance.

The messages feature subject lines like “Coronavirus – Brief note for the shipping industry,” then direct recipients to download a Microsoft Word document promising more information. That Word file activates a strain of malicious software, AZORult, which allows attackers to make off with sensitive data.

“The malware actors doing this appear to be from Russia and Eastern Europe, and while they aren’t part of an [advanced persistent threat] group, they clearly understand the economic concerns surrounding the Coronavirus,” Sherrod DeGrippo, Proofpoint’s senior director for threat research and detection, wrote in a blog post.


The coronavirus, a respiratory sickness that claimed the lives of more than 900 as of Sunday, has infected some 40,000 people. Quarantines, travel disruptions and widespread concerns about catching the illness have upended the economic situation throughout Asia. The virus is a close cousin to the SARS and MERS viruses that provoked global responses in 2003 and 2012, health officials say.

The pathogen might be new to humans, but the hackers behind the phishing attempts are trying to exploit a vulnerability that’s more than two years old, called CVE-2017-11882, Proofpoint says.

“This underscores that the threat potential around Coronavirus remains broad and everyone should exercise caution when dealing with Coronavirus-themed emails, links and attachments,” DeGrippo wrote. “While this recent effort was narrow in focus, we are seeing Coronavirus email lures increasingly mixed in with regular ones.”

For cybercriminals, this tactic is hardly new. Scammers of all sorts have worked to exploit attention to and concerns about global crises, from natural disasters to sudden geopolitical events, like the U.S. killing of Iranian Gen. Qassem Soleimani.
