Hackers use COVID-19 to steal money

With the spread of novel Covid-19 across the globe, threat actors are ramping up their efforts by leveraging public fear and frenzy to gain financial benefits with the help of phishing and malware attacks. Many fake websites, disguised as sites dedicated to reporting the health and government news and updates related to Covid-19, were reported by domain security research groups. One website claiming to be associated with a reputed medical and health care agency provided a list of new cases containing corrupted links. When upon clicking on the links, users would be redirected to malicious websites that would automatically download and run the malicious executable file. The premise that encourages the attackers to believe in the success of their plan is the people’s psychology to make bad choices under the influence of panic and fear. Some approaches also consider and attempt to prey on the altruistic nature of some individuals, for instance, a phishing mail reported by ‘The Sydney Morning Herald’ requested bitcoin donations by disguising themselves as CDC volunteers.

As the public is extensively relying on the internet for information and advice about this pandemic, they unknowingly fall victim to phishing scams that were designed by threat actors. A spike in multiple phishing cases and hacker activity has been noted during the global strike of the novel coronavirus. ‘The Sydney Morning Herald’ also reported a 130% increase in Smishing messages. Many cybersecurity institutions have reported the rise in email scams meant to target health care workers to obtain personal and financially damaging information.


Phishing attacks by itself do not benefit threat actors much, but what comes after this attack is, i.e. phishing emails are usually followed by other attacks, majorly the ones that directly yield financial gains such as ransomware, malware installations such as bots, cryptomining, etc. The current COVID-19 pandemic is being utilized by these attackers to spread both false and legitimate information to arouse users’ curiosity and prompt them into clicking links or downloading malicious apps or attachments. Threat actors are using different modes of phishing attack to lure a wide spectrum of users.

  • Spear phishing – involves customized emails/campaigns, tailor-made to match the search discipline of the target user/industry to make it seem more relatable and less suspicious. Also, in some cases, reconnaissance is conducted by threat actors to obtain and uncover as much information as possible to make the phishing template more believable. Reconnaissance results can include usernames and emails of clients of the company to trick the user into believing its origin. The solution for such attacks forms the core of anti-phishing training vendors, where they teach users how to identify and avoid such attacks
  • Vishing & Smishing – implying voice phishing and SMS phishing respectively, conducted through phone call or message by the threat actor pretending to be your IT service/security admin. The prevention of which involves training simulation with the employees to increase their security awareness surrounding the issue.

The occurrence of phishing was not uncommon before the havoc of Covid-19 but, now that many organizations are busy combating the spread of this pandemic, threat actors are trying to exploit the constrained manpower and resources committed to combating cyberattacks. Cybersecurity is also dependent on many other branched sources and processes to form a network of security operations; thus, the closure of any one vertical will hit the efficiency of the entire network.

Financial gain via phishing

Information theft

This is the first and the most prominent after the intrusion attack step. The user’s information, such as usernames and password are stolen, through malware such as spyware that can steal the data from the user’s device without their consent or knowledge. Rootkits dropped from malicious websites can also help attackers to sniff the user’s device and network for important data.


This is the latest trend that is used not only by hackers but also by some freemium applications or websites that try to justify their actions by stating their advertisement-free service. Where much cryptomining malware which is also known as crypto jacking programs, target laptops, and desktops to mine cryptocurrency, others target smartphones and tablets. Kaspersky Labs dubbed one of the more powerful cryptomining/cryptojacking malware programs as Loapi, which is designed to hijack the processor of an android smartphone’s to mine cryptocurrency and is intensely invasive to overheat the phone’s battery, hence damaging the device physically.


Cryptomining may seem a malicious technique used by a hacker but in fact, is the official and legitimate method of transaction authentication involved in the blockchain process of bitcoin. To understand this better, we need to first understand the process of the blockchain involved in the transactions of Bitcoin. As Bitcoins are cryptocurrencies used for online transactions, not regulated by any government organization, the question arises as to how these currencies are valid. Well, just like any currency (which is made of materials like paper, plastic, and/or metal) which in itself has no value but represents the trust in the government or economy of the society, which is minted and regulated by the government; the Bitcoin is regulated by many crypto miner groups (in millions) across the globe, hence making trust one of its core values.

When Bitcoin transactions happen online, the transactions are recorded in the form of hexagonal value blocks. The job is to solve those blocks using mathematical calculations to authenticate its legitimacy, and for mining each block of size 1 megabyte, the first person to solve the hash is awarded bitcoins. Long story short, mining for Bitcoin will help generate money, but you might think “Wait! How does this affect my system (or) what does that have to do with hackers?”. As stated earlier that the first person to solve the block will be the winner i.e. this is the process of luck and extreme competitions. To mine the block quickly the miners need high and fast performance, where legitimate miners use their high-end systems and tools, hackers tend to go around that investments and hack device to act as bots for them, which combined (in thousands) will do the mining job for the hackers.

Session hijacking

Also known as cookie hijacking. It occurs when an attacker gets the control of cookies being exchanged between the user and the webpage. Cookies are generally used by webpages to monitor user experience and contain important information about the user which when hijacked by the attacker can be misused to create a man-in-the-middle attack (MITM), where the attacker smuggles the packets being exchanged between the user and the website in such a way that the website thinks the hacker's computer to be that of the user and the user thinks it to be part of the website. Session/cookie hijacking also leads to financial data loss as many cookies tend to record the user credit/debit card details and passwords for flexible user experience.


The prevention of the described issues, for a non-technical person, can only begin to learn and understand through anti-phishing education and awareness training provided by reputed organizations such as OhPhish, which provides phishing simulations and security awareness training to help employees defend against phishing attacks. Simply knowing about phishing theoretically may not be entirely sufficient because, even if a person knows that email phishing is done via sending malicious/spam e-mails, he or she may not possibly differentiate between a benign and malicious e-mail when faced with an actual phishing email. Thus, it is important to have practical experience in dealing with phishing attacks. OhPhish solutions provide phishing simulations that mimic real-life attack scenarios by sending employees phishing emails to gauge their level of susceptibility to phishing attacks. Based on those results, tailored education and mitigation knowledge will be provided to individuals who have failed the simulated phishing tests.

As the user himself is the first line of defense against any cyberattack, the knowledge on how to tackle phishing attacks is the most prominent. Anti-phishing education can not only help to educate the employees of any organization to recognize and tackle phishing mails, but also assist the IT and technical staff to further strengthen their organization security against phishing. Though every vendor has its regime its course, the basic elements taught are:

  • Precautions to follow for remote workers on cloud and VPN access
  • Compilation of security policies and guidelines that help in educating the workers on phishing
  • Educating IT security professionals on handling and mitigating phishing attacks.
  • Training for security responsibilities in the event of phishing attacks
  • Training through demo simulation real-time time phishing attacks


Q. What spear phishing?

A. spear phishing is a targeted attack where the attacker researches the victims before sending a personalized message or email


Q. What is blockchain?

A. Blockchain is described as a distributed and decentralized ledger where all members of the blockchain are aware of all the previous blocks as well as any new blocks


Q. What session hijacking?

A. Session hijacking is an attack over user sessions by masquerading as an authorized user. Generally, it applies to browser sessions and web applications hacking