Malware found disguised as Vietnam government statement on Covid-19

By Luu Quy   March 9, 2020 | 09:41 pm PT
Malware found disguised as Vietnam government statement on Covid-19
Hackers have been making used of public concern over Covid-19. Illustration photo by Pixabay.
Hackers have attached malware to a file purporting to be the prime minister’s statement on the Covid-19 outbreak.

CMC Cyber Security, a leading company in information security, said hackers have created a shortcut file named "Chi thi cua Thu tuong (prime minister’s directive) with the extension .lnk rather than the official .Ink.

Since the last few characters in long file names are hidden when users open them on Windows, many are liable to click on download and infect their computer or phone.

According to experts, the file contains many "abnormal" scripts, including for executing a malicious code.

The malware will create duplication and automatically activate the ability to run every time users start their computer.

It will also create a backdoor to allow attackers to access the system and execute commands remotely, allowing them to download files and obtain users' information.

"With many different attack techniques and the ability to mess up users' execution, it can be seen that those behind this malware have spent a lot of time on researching and developing appropriate attack methods," CMC said.

This is the latest advanced persistent threat (APT) detected in Vietnam, in which attackers have made used of the public concern over Covid-19, the disease caused by the novel coronavirus.

In January Russian cybersecurity firm Kaspersky Lab found hackers attaching malware to links disguised as those providing information on the virus such as Worm.VBS.Dinihou.r; Worm.Python.Agent.; UDS: DangerousObject.Multi.Generic;; Trojan.WinLNK.Agent.ew; HEUR:Trojan.WinLNK.Agent.gen and HEUR:Trojan.PDF.Badur.b.

Last year over 420,000 computers in Vietnam were affected by APTs, according to the country’s leading cybersecurity firm BKAV.

"Users must be very careful when opening files attached in email and should absolutely avoid those with a suspicious ending," Nguyen Khac Lich, deputy head of the Authority of Information Security, warned.

go to top