Image from Pixabay.com
As if the world didn’t have enough to deal with right now, we face a sharp increase in malware courtesy of the ongoing pandemic. Many of these malicious programs are COVID-19 inspired, and cybercriminals are actively seeking ways to capitalize on the current crisis.
From fraudulent contact tracing apps in Canada to phishing emails purportedly from the World Health Organization (WHO) and many more scams and tricks in between, users need to be extra careful of their devices and data.
Why is malware increasing during the pandemic?
Criminals have always sought ways to profit from panic and cash in on upheavals and uncertain times. Take the recent Black lives matter protests in the US as one recent example; amongst the many peaceful protesters, looters were stealing from shops. Organized crime groups are also stepping things up a notch or three during the crisis. According to a report from the United Nations Office on Drugs and Crime, criminal groups are taking the opportunity to push further into communities and expand their reach.
In the digital realm, it’s no different. The confusion of the pandemic, the uncertainty many people feel, and the switch businesses have made to remote working models have all provided the perfect conditions for cybercrime to proliferate and flourish.
COVID-19 inspired malware to be aware of
Fraudulent COVID-19 Tracing Apps
Several fraudulent contact tracing apps have been identified in Canada and elsewhere. To date, 12 apps have been identified; each was purposely designed to steal data, install malware on a user’s device, or otherwise cause damage.
In the United Kingdom, officials are concerned about the “COVID 1984” app, which doesn’t carry malware, but was designed so users can skirt track and trace requirements. Because the app is named similarly to the official NHS app, there is a chance unsuspecting users will download it, assuming it is the real version.
Fake text messages
Fraudsters have shown that they are more than able to hack contact tracing apps and attempt to steal data or cause users to download malware. Again in the United Kingdom, cybercriminals have been sending messages to app users that read: “Someone who came in contact with you tested positive or has shown symptoms for Covid-19 & recommends you self-isolate/get tested.” The message includes a link. As reported by CNN, the same text message has been circulating in the United States.
The US Better Business Bureau notes numerous reports of a text scam masquerading as the US Department of Health and Human Services. Recipients are told they have to take a “mandatory online COVID-19 test” by clicking a link.
Around the world, thousands of COVID-19 scam emails have been reported. Emails may masquerade as official government agencies or public health bodies. One email was dressed up as official communication from the WHO, but clicking a link took users to a website that covertly downloaded malware to their devices.
The types of malware
As an umbrella term, malware means malicious software, that is, any program explicitly designed to harm a user, their devices, or their data. We can further classify malware based on its functions:
- Spyware – Malware that’s designed to monitor users by, for example, taking screenshots of their device or logging keystrokes.
- Ransomware – These programs lock users out of their devices or files until a financial ransom is paid.
- Adware – Bombards users with adverts, including pop-ups that appear on the desktop or home page. Can redirect a user’s searches to look-alike pages.
Malware is also classified according to how it spreads. Viruses and worms can replicate themselves, while Trojans need to be installed.
How to Protect Yourself From COVID-19 Malware
- Be suspicious of any text message or email you receive that claims to be from an official body, especially if it contains a link and a sense of urgency. If you are unsure of the legitimacy of an email or text, contact the organization directly.
- Only download contact tracing apps from the link on the government’s official website. These links will lead you to the app store. Although app stores should block fraudulent programs, this isn’t always the case.
- Always keep your device operating systems and any apps updated. Software developers release updates and patches to remedy any known vulnerabilities and fix bugs.
- Companies should consider email scanners to mitigate the risk of phishing attempts being successful.
- Use a high-quality, paid antimalware service. Avoid free software as many of these programs are little more than scareware.
- Always use a firewall when you’re online. Businesses should consider enterprise-level firewalls for better perimeter security.
Outside of these steps, practice good digital hygiene practices such as strong passwords and signing out of sites when done. Other security software can also help prevent malware. For example, the functions of VPNs are to create a private and encrypted browsing network. It can’t protect you from malware directly, but it can shield our activity from prying eyes and make you less of a target online.
Staying savvy to current COVID-19 cyber scams and following the precautions detailed above can make the difference between falling victim to malware or staying safe.