Cyber criminals are using a new phishing campaign that tells victims they’ve come in contact with someone diagnosed with COVID-19 and tricks them into downloading malware.

The campaign pretends to be from a local hospital telling the recipient that they have been exposed to the Corona virus and that they need to be tested.

The text of this email reads:

Dear XXX

You recently came into contact with a colleague/friend/family member who has COVID-19 at Taber AB, please print the attached form that has your information pre-filled and proceed to the nearest emergency clinic.

Maria xxx
The Ottawa Hospital General Campus
501 Smyth Rd, Ottawa, ON K1H 8L6, Canada

When a user opens the attachment. they will be prompted to ‘Enable Content’ to view the protected document.
If a user enables content, malicious macros will be executed to download a malware executable to the computer and launch it.

The installed malware performs behaviors like searching for cryptocurrency wallets, stealing web browser cookies, gets a list of programs running on the computer and more.

Useful links: