Phishers Use World Health Organization Name to Lure Victims to Download Fake Coronvavirus Ebook


The World Health Organization (WHO) is among the premiere sources of up to date and accurate information on COVID-19 so it is now surprise cybercriminals are leveraging this for their benefit.

Malwarebytes has found a new phishing campaign using the well-respected WHO name as a lure to trick people who are rightfully fearful of Coronvavirus into downloading a fake e-book that carries an infostealer. The e-book, named My-Health, is advertised to contain information to protect children and business from the virus.

The body of the email (see below) is visually compelling but does contain clues that it is not legitimate. The typos include incorrectly hyphenating the name as Corona-virus, along with several odd uses of capital letters and some poor grammar.

who phishing email
W.H.O phishing email

The recipient is expected to download the fake e-book from the attached zip file. However, it only contains GuLoader, which upon being download itself brings in the infostealing trojan FormBook.

“Formbook is one of the most popular info-stealers, thanks to its simplicity and its wide range of capabilities, including swiping content from the Windows clipboard, keylogging, and stealing browser data. Stolen data is sent back to a command and control server maintained by the threat actors,” Malwarebytes reported.

Researchers point out that with many millions of people now working from home, possibly using unsecure systems, any malware downloaded can easily end up inside their company’s network.

How useful was this post?

Click on a star to rate it!

Average rating 4.4 / 5. Vote count: 25

No votes so far! Be the first to rate this post.

What do you think?

30 points
Upvote Downvote

Written by ben shekelberg

Leave a Reply

Your email address will not be published. Required fields are marked *

pedophile arrest

North Yorkshire Pedophile Who Downloaded Child Porn From The Dark Web Avoids Jail

police arrest night

Additional Charge Filed Against Utah Man Who robbed Xanax From a Pharmacy With Intent to Resell it on The Dark Web