'COVID-19 CONTACT' Email Virus

'COVID-19 CONTACT' Email Virus Description

Since the outbreak of the Coronavirus worldwide, more and more cyber crooks are trying to take advantage of the fear and uncertainty among the populace. Many cybercriminals are devising cunning plans on how to profit from the COVID-19 pandemic. One example is the ‘COVID-19 CONTACT’ email virus.

Users targeted by the conmen behind the ‘COVID-19 CONTACT’ email virus campaign would receive an email that claims to originate from a hospital located in their area. The fake message states that the hospital has identified an individual who is infected by the Coronavirus, and the user has been in close contact with him/her. The bogus email contains a corrupted attachment, which the user is urged to download and review immediately. The con-artists who are responsible for the ‘COVID-19 CONTACT’ email virus state that the attached file contains important information in regards to how one should proceed in case they have been in contact with a person carrying the deadly virus. The attached file is named ‘EmergencyContact.xlsm,’ which makes the corrupted attachment appear as a harmless document.

However, the attachment is not harmless certainly – this is a macro-laced file, which will infect your computer if you execute it. If the users open this unsafe file, they may not notice anything out of the ordinary as Microsoft Excel will be executed, and they will be presented with a decoy document. However, the bad script will operate in the background and infiltrate the user’s system. The ‘COVID-19 CONTACT’ email virus is able to:

  • Collect cookies from the user’s Web browsers.
  • Collect software, hardware and network data.
  • Detect any shared folders that are located on the same network.
  • Detect any files that are related to cryptocurrency wallets and collect them.
  • View a list of the running services on the system.

As Coronavirus continues to spread all across the world, more and more hackers are using fears surrounding the virus to scare people into downloading malicious files.

Taking the step of pretending to be from a local hospital and telling people they have come into contact with someone with the virus is the lowest of the low. Not only does it scare people into thinking they have the virus, but it also makes them afraid that someone they know, such as a friend, family member, or work colleague, has the virus too.

The email says that readers should print off the attached file – EmergencyContact.xlsm – and take it to the nearest clinic for coronavirus testing.

The email reads:

Dear XXX

You recently came into contact with a colleague/friend/family member who has COVID-19 at Taber AB, please print attached form that has your information prefilled and proceed to the nearest emergency clinic.

Maria xxx
The Ottawa Hospital General Campus
501 Smyth Rd, Ottawa, ON K1H 8L6, Canada

The attached document asks the reader to “Enable Content” to see all the information. Should content be enabled, the document loads malicious macros that download and launch malware on the computer.

The malware executable can inject several processes to legitimate Windows configuration files, in particular the msiexc.exe file. The virus hides in plain sight to avoid detection and hide what it is doing from users and computers alike.

Coronavirus has caused plenty of digital threats as well as real-world ones. Keep an eye out for any suspicious corona-related emails and don’t open any attachments from sources you don’t know or trust.

If you do receive an email about Coronavirus, be sure to look up the alleged sender and, if they claim to be from a legitimate organization, get in touch with that organization to confirm the information.

If you want to know the latest information and advice about Coronavirus, then you should stick to official websites. The CDC, Wolrd Health Organization, and your local health department will have all the information you need.

The fact that the ‘COVID-19 CONTACT’ email virus is able to collect cryptocurrency wallet files means that this threat is not to be underestimated – its victims may end up with significant financial losses.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

HTML is not allowed.