Microsoft is warning about new phishing scams that use COVID-19 as a lure to steal personal information.
The phishing campaigns attempt to deliver malware called Lokibot, “one of the first malware families to use COVID-19 lures,” Microsoft Security Intelligence said in a tweet this week.
Phishing, a tactic widely used by scammers, relies on an email that appears to be from a reputable source and attempts to trick recipients into handing over sensitive personal information like usernames, passwords, and credit card information.
The campaign cited by Microsoft shows how cybercriminals are adapting their strategies to exploit trending COVID-19 news, wrote Lawrence Abrams, who runs the cybersecurity news website BleepingComputer.
The emails, pretending to be from the Centers for Disease Control (CDC), arrive with subject lines such as “BUSINESS CONTINUITY PLAN ANNOUNCEMENT STARTING MAY 2020,” according to Microsoft.
When a computer is infected, Lokibot will steal saved login credentials and then send that data back to the attackers' servers, where it can later be retrieved, according to Abrams.
Microsoft said in a tweet that this is a variation on a theme of recent Lokibot campaigns and “signals their return to tried and tested lures … only slightly updated with COVID-19 reference.”
Cybersecurity site Malwarebytes lists Lokibot as “a large family of spyware that primarily targets banking information.”
F-Secure, a cybersecurity company, lists it under "data stealing" and says the “malware is notably known for stealing credentials from browsers, mail clients, file sharing programs, remote connection programs … It also contains a keylogger component, which can be utilized by the malefactor.”
Keyloggers are particularly dangerous as they record a computer user’s keystrokes in order to steal passwords and other confidential information.
The software giant says it is catching these campaigns through behavior-based machine learning detections.
“Microsoft was able to detect the attack with the help of Microsoft Threat Protection's machine learning algorithms, with all customers running Microsoft Defender being automatically protected,” BleepingComputer’s Abrams wrote.
Microsoft Defender is an anti-virus program that comes with Windows 10.
Cybercriminals “pay close attention to current events and stories that are most concerning to a large amount of people. They then create lures that focus on these stories in order to trick people into opening what they perceive as important information for themselves or their businesses,” Abrams told Fox News in an email.
"Lokibot is commodity malware used by a number of criminal organizations," Tanmay Ganacharya, director for security research of Microsoft Threat Protection, told Fox News.
"This is a continuation of the trend we’ve been seeing that attackers are capitalizing on our fears around COVID-19," he said, adding that Microsoft has been catching this and other "evolutions" of the malware via its machine learning.