You already knew this was going to happen. It was just a matter of waiting.
Fast on the heels of the release of President Trump's "Coronavirus Guidelines for America," malicious actors have now weighed in with their own updated version. And you shouldn't be surprised to learn that their version eschews social distancing, face masks, or anything resembling soap and disinfectant. Nope.
Instead, the bad guys are prescribing a strict regimen of malware, malware, and more malware. (For those unable to execute malware, a steady diet of credentials phishing should suffice.)
Here's what's now landing in users' inboxes -- yes, even those working from home.
Despite its brevity, this email turns out to be one of the more unusual Coronavirus phishes we've seen.
Often the bad guys struggle with language -- esp. the mind-numbingly bureaucratic kind that so often erupts from high people in high places. (Who knew that such wretchedly bad prose was so difficult to imitate?) In this malicious email, however, bad actors go full Jimmy Carter on unsuspecting users, warning them against an incipient "global economic malaise and a surfeit of misinformation." (Yeah, we actually had to use a dictionary for that one.)
Fear not, though. The bad guys have the solution. And it involves unhappy users sitting in "carantine" clicking through to a landing page spoofing the White House itself and downloading the President's "NEW Coronavirus Guidelines for America."
These NEW guidelines are, of course, malware in the form of a file named "Information.doc." Although two engines on VirusTotal are currently flagging the file with what look to be heuristic detections of some sort, the file we received appears to be corrupt. (For that turn of events we would encourage one and all to give a couple of full-throated Bronx cheers in celebration of Murphy's Law.)
Once we manage to get our hands on version 3.0 of these "guidelines" and obtain a better picture of just what the bad guys are pushing, we'll update this blog post.
Until then, though, it would undoubtedly be a good idea to warn your users once again about the dangers of clicking through malicious links and attachments found in dodgy emails offering information or "guidelines" about the COVID-19 pandemic.
