As Coronavirus continues its rapid spread, Internet users are fearful of coming into contact with the virus and anxious for more information about the coronavirus outbreak. Cybercriminals are taking advantage of the coronavirus (COVID-19) pandemic and preying on vulnerable people’s fears to spread malware. In these trying times, EnigmaSoft is still here to help people stay safe from malware, including the malicious coronavirus-themed malware attacking users’ computers.​

​A number of cyber-attacks and strains of malware themed after COVID-19 have swept across different parts of the world over the last few days. An advanced persistent threat (APT) is believed to be behind the March 2020 targeted attack dubbed “Vicious Panda” that was spreading coronavirus malware. The Vicious Panda attack used phishing emails targeted at Mongolian government institutions. The emails came with RTF file attachments that allegedly contained important information about coronavirus.

Coronavirus malware took a lot of different forms over a very short period. In mid-March 2020, a new strain of ransomware appeared in the wild, named CoronaVi2020. Distributed primarily through spam emails and malicious attachments, the CoronaVi2020 ransomware asks for a relatively modest 0.008 BTC (roughly 50 USD) ransom and seems to be targeting regular home users instead of corporations and government institutions. The ransomware affects most common file types including images, databases and office files, with the ransomware appending its author’s email — coronaVi2022[at]protonmail[dot]ch — in front of affected files.

The Coronavirus ransomware was also spotted bundled with the info-stealer trojan Kpot. A malicious site was distributing an executable named WSHSetup.exe that was effectively a bundle carrying both the coronavirus ransomware and the Kpot Trojan. Kpot can scrape account information from a number of web browsers, email accounts, cryptocurrency wallets and game distribution clients.

The coronavirus pandemic is a continuing challenge for people all over the world. The EnigmaSoft technical support continues to be ready and at your service for 24/7 one-on-one support, including custom help with malware. Our customers can rely on EnigmaSoft and our range of services through this difficult stretch, as we all fight to return to a more normal life.

EnigmaSoft, a privately held Irish company with offices and global headquarters in Dublin, Ireland, is best known for their SpyHunter anti-malware product. The company has now added a full suite of CoronaVirus Malware detection and removal software to their offerings. You can see that here. ◊