The U.S. Justice Department and the Commonwealth of Virginia on Friday announced the creation of a special task force dedicated to stamping out fraudulent activities that seek to profit off the growing pandemic caused by the novel coronavirus, including online scams that steal money from victims or install malware. The Virginia Coronavirus Fraud Task Force, as the group is called, includes the FBI, prosecutors from the U.S. attorney’s offices for the eastern and western districts of the state and the Virginia State Police.
“This task force enables state police to more efficiently and effectively collaborate with our local, state and federal law enforcement partners to best protect Virginians from predatory and, potentially criminal, practices,” Col. Gary T. Settle, the superintendent of the Virginia State Police, said in a press release.
The task force’s formation follows a memo that U.S. Attorney William Barr sent his deputies Monday, ordering them to prioritize the prosecution of cybercriminals who attempt to exploit the public health crisis. Malicious activity from criminals and state-backed hackers invoking the coronavirus has already surged in recent weeks as the spread of the COVID-19 illness worsens.
Leaders of new Virginia task force said they plan to target scams in which bad actors pose as health officials or charities as a way to fleece victims. They also listed phishing campaigns that attempt to trick victims into handing over personal information and credentials or downloading malware by posing as public-health entities like the World Health Organization or Centers for Disease Control.
According to the cybersecurity company CrowdStrike, an unnamed actor behind Emotet — a banking Trojan that frequently appears as a precursor to ransomware like Ryuk — has been using images of a coronavirus tracking map created by Johns Hopkins University to trick victims into downloading its malware. The actor, which CrowdStrike refers to as “Mummy Spider,” was observed in January — as the coronavirus was spreading across China and South Korea — sending spam emails using a technique known as thread-hijacking to lure people into clicking on malicious links by advertising updated information about the virus.
The Hopkins map appears to be popular among both the mainstream public and hackers alike: On Wednesday, the security company Lookout revealed that a mobile app that claimed to offer updates from the map was actually the work of a Libyan spyware operator.
“The use of COVID-19 as a lure is indicative of a common tactic of eCrime actors, who frequently capitalize on major events or health scares as a means of social engineering,” a CrowdStrike advisory reads. “As this outbreak event continues, criminal operations leveraging the COVID-19 outbreak are likely to increase and remain prevalent.”
This is part of StateScoop and EdScoop’s special report on coronavirus response. Read the rest of the report.