Public Concerns for Zika Virus Exploited by Scammers to Spread Malware

Using a Public Health Emergency for Malicious Purposes — There’s nothing lower

Cybercriminals are nothing but a bunch of lowlifes who will stoop to any level to get something out of innocent users. In the past, they have taken advantage of terror attacks, plane crashes, Christmas and even diseases like Ebola.

Now scammers have stooped so low that they have started exploiting public concerns about the Zika virus. The World Health Organization responded to the Zika virus outbreak on 1st February 2016 by declaring it a Public Health Emergency of International Concern (PHEIC). Malicious actors saw this growing concern as the perfect opportunity to run yet another scam campaign.

According to Symantec Security Response, a malicious spam campaign has been discovered that seeks to exploit the global interest in the “extraordinary event,” that is, the Zika virus. Since Brazil has reported most of the Zika virus cases, it is no surprise that the attackers targeted Brazilian citizens in their new malicious campaign.

The Spam Campaign:

An email that claims to come from Saúde Curiosa (Curious Health), a health and wellness website in Brazil, is circulating all over the country. The email’s subject line reads “ZIKA VIRUS! ISSO MESMO, MATANDO COM ÁGUA!”

The English translation of this phrase is: “Zika Virus! That's Right, killing it with water!”

Screenshot of the email received by Brazilian users / Image Source: Symantec

The scammers have taken every measure to make the email appear convincing and real. The text and imagery have been taken from an authentic article on the website mentioned above. However, the email also has buttons and attachments meant to capture the recipient’s attention. For example, it includes calls to action that say “Eliminating Mosquito! Click Here!” or “Instructions To Follow! Download!”

The email also contains a file attachment. When the recipient clicks on the buttons, the embedded links send them to Bitly, the URL shortening service, which in turn redirects them to Dropbox, a file hosting platform.

Screenshot of the Dropbox page containing malware. It has been clicked 1,610 times / Image Source: Symantec

According to Symantec’s analysis, Symantec and Norton products detect both the file hosted on Dropbox and the email attachment as JS.Downloader. This is potent malware that infects the user’s computer immediately and then starts downloading additional malware onto it.
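The delivery pattern described above (a button that links to a URL shortener, plus a script attachment) can be flagged at the mail gateway before anyone clicks. The following is an added example, not code from Symantec or from the original article; the host list, extension list, sender address, attachment name and placeholder link are all assumptions made for illustration. Because the shortener hides the final Dropbox destination, the check flags the shortener host itself.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists for illustration; extend them for your own mail flow.
WATCHED_HOSTS = {"bit.ly": "URL shortener", "www.dropbox.com": "file host"}
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf")

class LinkHosts(HTMLParser):
    """Collects the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host.lower())

def triage(raw: str) -> list[str]:
    """Return findings for script attachments and watched link hosts."""
    findings = []
    for part in message_from_string(raw, policy=policy.default).walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(SCRIPT_EXTS):
            findings.append(f"script attachment: {name}")
        elif part.get_content_type() == "text/html":
            parser = LinkHosts()
            parser.feed(part.get_content())
            findings += [f"{WATCHED_HOSTS[h]} link: {h}"
                         for h in parser.hosts if h in WATCHED_HOSTS]
    return findings

def sample_message() -> str:
    """Constructed sample: subject from the article, everything else made up."""
    m = EmailMessage()
    m["Subject"] = "ZIKA VIRUS! ISSO MESMO, MATANDO COM ÁGUA!"
    m["From"] = "newsletter@example.invalid"
    m.set_content("Plain-text part")
    m.add_alternative('<a href="https://bit.ly/PLACEHOLDER">Click Here!</a>',
                      subtype="html")
    m.add_attachment(b"// inert placeholder", maintype="application",
                     subtype="javascript", filename="instructions.js")
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample_message()))
```

A message that trips both checks at once is a strong candidate for quarantine, since legitimate newsletters rarely attach script files.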

The Zika virus has been linked to birth defects in the Americas, and Brazil is among the most affected countries. The WHO’s declaration has generated widespread unrest among the public, as people are keen to know more and receive information about the virus.

It is apparent that cybercriminals will leave no stone unturned when it comes to scamming. Symantec Security Response has therefore warned users to be careful about opening unsolicited messages related to the Zika virus. The company urges users to visit only the World Health Organization’s website for information about this deadly virus. Moreover, users must avoid trusting unauthentic news sources at both the local and international level. Lastly, never open any attachment present in an email, and keep your security software updated.
