
'COVID-19 CONTACT' Email Virus

Posted: March 30, 2020

The 'COVID-19 CONTACT' email virus is a spam campaign that uses fake Coronavirus infection warnings to trick users into infecting their computers. The scheme employs attached documents with embedded macros that drop a backdoor Trojan with additional, account-compromising features. Users should scan all e-mail attachments, disable macros when possible, and let proper anti-malware software remove all threats related to the 'COVID-19 CONTACT' email virus immediately.

A Medical Alert that's Well Worth Discarding

Another threat actor's campaign is joining the bandwagon of attacks that use the Coronavirus as a centerpiece theme for getting clicks from those who are either frightened or gullible. The 'COVID-19 CONTACT' email virus is a natural follow-up to the CovidLock Ransomware, the CoronaVirus Ransomware, the COVID-19 WordPress Malware, and the SpyMax RAT campaigns. This time, the strength of the virus as a lure is in service to collecting cryptocurrency, as well as admin rights over the victim's PC.

The 'COVID-19 CONTACT' email virus is a non-targeted e-mail campaign that sends victims messages claiming that the recipient has been in contact with a confirmed COVID-19 carrier. Due to the nearly global saturation of the disease and its potential for asymptomatic transmission, such an assertion isn't necessarily unlikely. However, the message uses it to get readers to click on its attachment (supposedly for printing purposes). As usual, the culprit inside is what malware experts can confirm as being a drive-by-download macro.

The macro, after triggering (which, in most software versions, requires user consent), drops an unknown backdoor Trojan whose motives seem financial. It harvests IP address information, takes note of any active programs, and searches for vulnerable network shares for propagation. Malware experts also note that the Trojan has two features that are more typical of spyware: one for collecting browser cookies (and, potentially, account names and passwords), and a second for targeting and compromising cryptocurrency wallets, like Bitcoin or Monero.

Avoiding Social Contact with Infectious Software

While many users are struggling to entertain themselves during social isolation, this prolonged time at home leaves them with more energy for e-mail and other Web-browsing activities. The 'COVID-19 CONTACT' email virus might be banking on that to maximize its infection rates. However, malware analysts can't confirm any regional targeting or other methods of sorting victims, such as via lists of stolen addresses. All Windows users must consider themselves at possible risk.

The majority of document reader software will disable macros unless the reader chooses to activate them. In circumstances like the 'COVID-19 CONTACT' email virus, the trigger may disguise itself with vague terminology such as 'enable advanced content.' Although the 'COVID-19 CONTACT' email virus is medically themed and includes a signature referring to a Canadian medical institution, similar attacks tend towards fake invoices, resumes, office notifications, and industry news articles.

Users should change the passwords of all their accounts after disinfecting a computer exposed to the 'COVID-19 CONTACT' email virus's payload. Manually removing a 'COVID-19 CONTACT' email virus Trojan is not recommended, due to its use of code injection into Windows processes.

The 'COVID-19 CONTACT' email virus gives disease new meaning for those who are unprotected while in a digital environment. Although its want of money is less destructive than a real plague's cost in lives, protecting oneself from it is far simpler than finding an N-95 mask.
