Concern over the spreading coronavirus from China is legitimate and real. The World Health Organization (WHO) has declared the coronavirus a global health emergency, and the United States and other countries are limiting travel of individuals from the affected areas in China.

As we have seen with other public concerns, cyber criminals and threat actors use such times of concern to target attacks and prey on victims. Cyber criminals are doing just that in the wake of the media attention about the spread of coronavirus. This week, Kaspersky announced that it has found PDF, MP4 and DOC files posing as information on how to protect people from the virus, updates on the coronavirus threat, and detection procedures of the virus, all of which have been infected with malware that can damage the network or system, and can spread throughout networks.

The identified malicious files posing as helpful information about coronavirus include:

  • Worm.VBS.Dinihou.r
  • Worm.Python.Agent.c
  • UDS:DangerousBoject.Multi.Generic
  • Trojan.WinLNK.Agent.ew
  • HEUR:Trojan.WinLnk.Agent.gen
  • HEUR:Trojan.PDF.Badur.b

There are many predictions that the number of malicious files introduced will grow, and companies are being warned to alert their employees to be wary of any emails or links provided to them about the coronavirus. Individuals and employees may wish to use official sources for research (like the WHO website), to be careful if downloading any materials about coronavirus, and to be vigilant about the names and sources of any files related to the coronavirus.

We are all concerned about the virus and seek additional information about it. Cyber criminals know this and use this concern to purposefully attack us. Alerting employees and colleagues about the threat of malicious files posing as information about coronavirus hopefully will lessen the success of cyber criminals taking advantage of a world health concern.