Cybercriminals prey on the coronavirus-related pandemic, they steal login credentials for social media and valuable information from electronic devices.

CERT Orange Polska warns against fake websites that are supposed to inform about the current situation related to SARS-CoV-2. In fact, instead of the latest epidemic data, login credentials will be stolen.

The pages imitates a typical news site, cybercriminals encourage users to log in using their Facebook accounts, followed by a redirection to a fake website where their account logins and passwords are stolen.
It could also be expected that in near future there will be “coronavirus” related phishing attempts to steal login credentials for online banking.

The spread of "CoronaVirusSafetyMeasures_pdf" via emails, under pretext of advice on how to avoid coronavirus infection, has been observed. The victim who executes the file, opens a Trojan that gives cybercriminals remote access to the software. RAT dropper acts as a keylogger, i.e. it records all keystrokes. Trojan then saves the entered password, including those for online banking.