The rise in coronavirus-themed scams was expected, but the numbers are surprising even the most experienced cybersecurity researchers.
In the first three months of the year, there were at least 2,022 malicious and 40,261 “high-risk” newly registered websites and domains, according to Palo Alto Networks. That’s out of a total of 116,357 coronavirus-related, newly registered domain names tracked by the company.
The researchers labeled domains “malicious” when they either hosted phishing pages trying to steal visitors’ personal data and passwords or served malware. There was a 569% growth in registrations of such sites between February and March, the researchers discovered.
High-risk domains, which leapt by 788%, were a broader class, encompassing sites that contained scam pages, like those hawking unproven cures, or web pages that secretly mined cryptocurrency using visitors’ compute power. They also included websites that contained a suspiciously small amount of content and domains associated with known malicious web hosting.
The malicious and dangerous domains came in myriad forms. Many sites hosting malware targeted Windows users, but a handful have been attacking Android users. Among them were Corona-virusapps[.]com and coronaviruscovid19-information[.]com, which were hosting data-stealing malware aimed at Google’s operating system. Last week, researchers discovered Android coronavirus-themed malware that was targeting the Syrian population.
Many scam sites, such as allsurgicalfacemask[.]com and selectsanitizer[.]com, focused on supplies that have been in demand. Then there were a handful of “illicit online pharmacies,” including covid19-remedy[.]com, rxcovid[.]com and anticovid19-pharmacy[.]com. Not only were they promising unproven remedies, they were also pushing all manner of drugs unrelated to the coronavirus, like Viagra.
“People should be highly skeptical of any emails or newly registered websites with COVID-19 themes, whether they claim to have information, a testing kit or a cure. Special care should be taken to examine domain names for legitimacy and security, such as ensuring it is the legitimate domain,” Palo Alto researchers wrote in their report.
“Similar care should be taken with any COVID-19 themed emails—a look at the sender’s email address often reveals the content is likely not legitimate, as it’s either unknown to the recipient, misspelled, or suspiciously long with random-seeming characters.”
Earlier this week, a division of British spy agency GCHQ revealed it had shut down 2,000 COVID-19 scams. The National Cyber Security Center also set up a service to quickly report any coronavirus phishing websites, whilst recommending people update their login information and store it in either a password manager or the browser.