COVID-19 themed malware and credential theft campaigns make a resurgence as Delta variant spreads

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Proofpoint finds COVID-19 themed email threats make a resurgence as the Delta variant spreads.

Since late June 2021, Proofpoint has observed high volumes of COVID-19 themed threats distributing malware and credential theft campaigns, including a Microsoft credential theft campaign targeting thousands of organisations globally. Proofpoint researchers also identified an increase in business email compromise, with threat actors posing as human resource professionals to gain an individual’s trust.  

The new attacks follow a lull in COVID-19-themed threat campaigns through the Spring and early Summer of 2021. Now, multiple types of high-volume threats have pivoted back to using COVID-19 social engineering themes as global concern about the Delta variant rises. 

Proofpoint has been tracking ongoing threats using COVID-19 and related coronavirus themes since the beginning of the pandemic. TA452, known to distribute Emotet, first began using COVID-19 in email threats in January 2020. Although the virus has remained an ongoing theme, researchers have observed a significant increase in messages leveraging COVID-19 in recent months. 

Since late June 2021, Proofpoint has observed high a volume COVID-19 themed campaigns distributing RustyBuer, Formbook, and Ave Maria malware, in addition to multiple corporate phishing attempts to steal Microsoft and O365 credentials. The researchers also found an increase in business email compromise threats using COVID-19 themes during this timeframe.

“The increase in COVID-19 themes in our data aligns with public interest in the highly contagious COVID-19 Delta variant,” says Proofpoint.

“According to global Google Trend data, worldwide searches for “Delta variant” first peaked the last week in June 2021 and have continued through August 2021 so far. The increase in COVID-19 related threats is global. We observed tens of thousands of messages intended for customers in various industries worldwide.” 

Open-source data also supports a greater threat actor adoption of COVID-19 themes. South Korea, for example, recently raised its cyber threat warning level in response to an increase of threats related to its COVID-19 relief programs. 

Threat actors…

Source…