
Crooks are using the coronavirus outbreak to spread malware


Are you worried about the Wuhan coronavirus? You should be, but that concern might lead to infection from a different kind of virus -- the digital kind.

Kaspersky researchers reported today that they're seeing malicious files online that pretend to be documents and video clips about the Wuhan coronavirus, including tips on how to protect yourself, updates on the spread of the infection and ways to detect if you have the virus. 

But the malicious files, which Kaspersky said posed as or were embedded in Microsoft Word documents, MP4 video files or PDFs, can in fact hijack your computer, steal personal data or erase files.

"So far we have seen only 10 unique files, but as this sort of activity often happens with popular media topics, we expect that this tendency may grow," said Kaspersky malware analyst Anton Ivanov in an email to Tom's Guide.

"As people continue to be worried for their health, we may see more and more malware hidden inside fake documents about the coronavirus being spread."

Kaspersky warned against opening suspicious links that you might see on social media or on websites promising updates on the Wuhan coronavirus, and advised checking the file extension of any file you download.

"Documents and video files should not have been made either .exe or .lnk formats," Kaspersky noted. 
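The extension check described above, as an added example that is not from the article or from Kaspersky: a Python script that flags files named like a Word document, MP4 or PDF but ending in .exe or .lnk. It goes one step beyond the quoted advice by also flagging files that keep a document or video extension while their first bytes are those of a Windows executable or shortcut. The function names, the decoy-extension list and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# File types the article says the lures pose as (Word documents, MP4 videos, PDFs).
DECOY_EXTS = {".doc", ".docx", ".mp4", ".pdf"}
# Formats the Kaspersky quote says a document or video should never have.
BAD_EXTS = {".exe", ".lnk"}
PE_MAGIC = b"MZ"  # first bytes of a Windows executable
# Fixed start of a Windows shortcut: header size 0x4C, then the link CLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")

def classify(path):
    """Return the reasons (possibly none) a file looks like a disguised .exe/.lnk."""
    p, reasons = Path(path), []
    ext, inner_ext = p.suffix.lower(), Path(p.stem).suffix.lower()
    if ext in BAD_EXTS and inner_ext in DECOY_EXTS:
        reasons.append(f"double extension {inner_ext}{ext}")
    if ext in DECOY_EXTS:
        with p.open("rb") as fh:
            head = fh.read(len(LNK_MAGIC))
        if head.startswith(PE_MAGIC):
            reasons.append(f"{ext} name but executable (MZ) content")
        elif head == LNK_MAGIC:
            reasons.append(f"{ext} name but shortcut (.lnk) content")
    return reasons

def scan(folder):
    """Map each suspicious file name in folder to its list of reasons."""
    hits = {}
    for p in Path(folder).iterdir():
        if p.is_file() and (reasons := classify(p)):
            hits[p.name] = reasons
    return hits

def demo():
    """Scan a temporary folder of constructed sample files (harmless stub bytes)."""
    samples = {
        "coronavirus-tips.pdf.exe": PE_MAGIC + b"\x90\x00",
        "outbreak-update.mp4.lnk": LNK_MAGIC,
        "how-to-detect.pdf": PE_MAGIC + b"\x90\x00",
        "genuine-notes.pdf": b"%PDF-1.7\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for fname, data in samples.items():
            Path(d, fname).write_bytes(data)
        return scan(d)

if __name__ == "__main__":
    for fname, why in sorted(demo().items()):
        print(fname, "->", "; ".join(why))
```

To check a real folder, call `scan()` with the path to your downloads directory instead of running `demo()`.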

As always, you can protect your Windows computer from malware infection with some of the best antivirus software.

Don't open this Word notice about the coronavirus

Meanwhile, IBM's X-Force threat-intelligence team (via Bleeping Computer) posted a report yesterday (Jan. 29) of several examples of Wuhan coronavirus-related malicious spam (malspam) email messages distributed in Japan by the Emotet Trojan. (A Japanese threat researcher has been independently documenting these on Twitter for the past two weeks.)

Emotet is a jack-of-all-trades that worms its way through networks, pumps out spam, steals private information, breaks into online bank accounts and downloads other forms of malware.

The email messages, all in (sometimes broken) Japanese, claim to be alerts from a healthcare provider warning of Wuhan coronavirus infections in various Japanese prefectures. 

Attached to the emails is a "notice" in the form of a booby-trapped Word document, which the recipient is instructed to open with Word safety features disabled. If you do so, a Word macro will run that installs the Emotet Trojan.

"Previously, Japanese Emotet emails have been focused on corporate-style payment notifications and invoices, following a similar strategy as emails targeting European victims," IBM X-Force noted. "This new approach to delivering Emotet may be significantly more successful, due to the wide impact of the coronavirus and the fear of infection surrounding it.

"We expect to see more malicious email traffic based on the coronavirus in the future, as the infection spreads," the report continued. "This will probably include other languages too, depending on the impact the coronavirus outbreak has on the native speakers."