lead centered=”no”Beware malware-laden emails offering COVID-19 information, US Secret Service warns./lead

As the coronavirus crisis continues to capture everyone’s attention, cybercriminals stay busy running scams and delivering malware using the attention-getting virus as a lure. The threats from the scammers and crooks, which began as early as January and continue unabated, range from tricking people out of their financial data to delivering pernicious malware.

mit their crimes, many schemes rely on tried-and-true phishing methods that exploit unpatched software flaws that sometimes have stayed unfixed for years. On April 1, the US Secret Service (USSS) sent out an information alert, “Fraudulent COVID-19 Emails with Malicious Attachments,” that warns about messages masquerading as COVID-19 status emails from employers, merchants and other businesses.

The USSS has uncovered attempted attacks that, using these faux alerts, sought to remotely install malware on the infected system to “harvest financial credential, install keyloggers, or lockdown the system with ransomware.” The malicious attachments are usually Microsoft Office or WordPad file types that exploit a now-patched vulnerability in Microsoft Office, according to the alert. However, the Secret Service says that variations exist and attack vectors evolve.

This article appeared in CSO Online. To read the rest of the article please visit here.