It was recently discovered that malware strains are now using "coronavirus" text to trick antivirus software. TrickBot and Emotet have started to use text from different coronavirus news stories to bypass security software, trick its AI, and infect your computer with Trojans!
The coronavirus (COVID-19) has been dominating the news worldwide, and when most users see content with coronavirus news, they usually do not hesitate to click it. While antivirus software is programmed to identify malicious content, the use of these coronavirus news texts sometimes helps the malware bypass its security measures.
How do hackers do this?
Right before distributing the malware through phishing campaigns and other cyberattacks, the developers usually use a hidden program called a "crypter" to obfuscate the malicious code. Cybercriminals do this to get through the first stage, which is bypassing the user's own trusted antivirus software.
The technique has recently been effective, particularly at bypassing security software that uses machine learning or AI to detect malicious programs. Despite this sophisticated feature, hackers are still able to find a way past the software.
Emotet can hack into Wi-Fi networks
Be extremely careful when opening any type of file online, especially a suspicious one, because if Emotet is able to infiltrate your computer, it may even hack into your Wi-Fi network! Access to the Wi-Fi network, gained through the user's private IP address and other identifiers, could cause serious damage later on, depending on the hacker's intentions.
TrickBot can access your emails
Once TrickBot has infiltrated your device, do not expect your emails to stay private, because it can bypass the antivirus software. It can then access your personal information, including your emails and other conversations. There is no knowing what this malware will do once it has obtained your private information, but one thing is for sure: it is definitely not good!
The discovery was made back in January
It was just recently discovered that crypters for both Emotet and TrickBot had started to use text from stories about Trump's impeachment so that the malware resembles a legitimate file and can bypass antivirus software.
BleepingComputer has just recently discovered that the crypters for the two Trojans have started switching from stories about President Trump's impeachment to coronavirus-related news stories! TrickBot even uses strings taken straight from CNN news stories in its malware description.
The head of SentinelLabs explains the situation
According to Vitali Kremez, the acting head of SentinelLabs, "By and large, the Coronavirus strings being used by the malware crypter generator deploy public news content as a methodology to frustrate certain machine learning static file parser methodologies. This 'goodware' string addition technique allows the criminal crypter operators to create crypted binaries that might allow bypasses of AI/ML engines of certain antivirus products as it was proved in the Cylance bypass method."
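The "goodware" string padding described in the quote leaves a mismatch a defender can check for: readable news-style sentences sitting next to a payload that looks encrypted. The Python below is an added example, not code from BleepingComputer, SentinelLabs or any antivirus product. The function names, word list, thresholds and sample bytes are assumptions constructed for illustration, including the assumption that a crypted payload shows up as high-entropy data.

```python
import hashlib
import math
import re
from collections import Counter

# Runs of 6+ printable ASCII bytes, roughly what the `strings` utility reports.
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")
# Function words that are frequent in English prose and rare in code identifiers.
COMMON = {"the", "of", "and", "to", "in", "a", "is", "that", "for", "as", "has"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_prose(s: bytes) -> bool:
    """True for sentence-like strings: 6+ words, at least 20% function words."""
    words = [w.strip(".,\"'") for w in s.decode("ascii").lower().split()]
    return len(words) >= 6 and sum(w in COMMON for w in words) / len(words) >= 0.2

def assess(blob: bytes, min_prose: int = 3, min_entropy: float = 7.0) -> dict:
    """Flag prose padding that sits alongside a packed or encrypted payload."""
    prose = [s for s in PRINTABLE.findall(blob) if is_prose(s)]
    residue = PRINTABLE.sub(b"", blob)  # what is left once strings are removed
    ent = entropy(residue)
    return {"prose_strings": len(prose), "residue_entropy": round(ent, 2),
            "suspicious": len(prose) >= min_prose and ent >= min_entropy}

# Constructed sample data (not taken from any real file or news story).
NEWS = [b"Officials said the number of cases in the region has risen and that travel is restricted.",
        b"The health agency has urged people to stay home for the next two weeks as a precaution.",
        b"A spokesman said that the outbreak is a concern for hospitals in the city and the suburbs."]
# Deterministic pseudo-random bytes standing in for an encrypted payload.
PACKED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
PLAIN = bytes(range(32)) * 256  # stand-in for low-entropy, unpacked content

padded_crypted = b"MZ\x00" + b"\x00".join(NEWS) + b"\x00" + PACKED
prose_only = b"MZ\x00" + b"\x00".join(NEWS) + b"\x00" + PLAIN
packed_only = b"MZ\x00kernel32.dll\x00GetProcAddress\x00" + PACKED

if __name__ == "__main__":
    for name, blob in [("padded_crypted", padded_crypted), ("prose_only", prose_only),
                       ("packed_only", packed_only)]:
        print(name, assess(blob))
```

Only the sample that combines both signals is flagged; prose alone (as in a program that embeds license or help text) and high entropy alone (as in a legitimately compressed installer) are not, which is why the check looks at the combination rather than at either trait.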