Skip to main content

Coronavirus Health Notifications Being Used To Carry Malicious Threats

By March 30, 2020May 9th, 2022Technology News

A Pakistani-based hacking group that goes by a variety of names, including “Transparent Tribe,” “APT36,” “Mythic Leopard” and others has been discovered to be behind a particularly nasty attack recently.

Researchers with QiAnXin’s RedDrip Team discovered a phishing campaign bearing the group’s stamp.

This new campaign utilizes poisoned files that appear to be health advisories sent by the Indian government. These days, people are desperate for information about the Coronavirus, and the hacking group is taking full advantage.

Their poisoned documents are being opened at an alarming rate, and when they are, a malicious tool called the Crimson RAT (Remote Administration Tool) is being installed.

This tool allows the hacker group to, (among other things):

  • Capture screenshots
  • Collect information about the antivirus software the victim’s computer or device uses
  • Make use of TCP protocols for communicating with the command and control server
  • Stealing credentials from the victim’s browser
  • Listing running process, drives and directories on the victim’s machine
  • Retrie files from its C&C server

While all of those are bad, the last one is probably the most dangerous. Once the hackers have established an entry point on the infected system, they can use the communications link with the C&C server to install literally any other type of software they want.

For the time being, the group has contented themselves with operations in India, but they’re not the only state sponsored threat actor on the world stage. They’re certainly not the only ones to be using the fear surrounding the Coronavirus as cover for their nefarious activities.

Be sure your employees are aware of this new threat, and adopt the policy of not opening any health related information you get via email. If you want to know the latest information available, instruct your team to go to the CDC’s website and pull it straight from the source.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.