Your colleague was infected with Coronavirus, this is the latest phishing lure

Security experts uncovered a new Coronavirus-themed phishing campaign, the messages inform recipients that they have been exposed to the virus.

Experts continue to spot Coronavirus-themed attack, a new phishing campaign uses messages that pretend to be from a local hospital informing the victims they have been exposed to the virus and that they need urgently to be tested.

Threat actors attempt to take advantage of the fear of the population of being infected with the COVID19 that is killing hundreds of thousands of people worldwide.

The phishing messages tell the victims that one of their colleagues, friends, or family members has tested positive for the virus, then it urges them to print the attached “EmergencyContact.xlsm” file and bring it with them to the nearest testing center.

COVID-19 Scam

Upon opening the file, victims will need to ‘Enable Content’ to view the content of the protected document, but this action will trigger the infection process.

“If a user enables content, malicious macros will be executed to download a malware executable to the computer and launch it.” reads the post published by BleepingComputer.

The malicious executable will inject multiple processes into the legitimate Windows msiexec.exe file to evade detection by security solutions.

The malicious code analyzed by BleepingComputer researchers is an information stealer, it attempts to steal cryptocurrency wallets and web browser cookies.

The malicious code also gets a list of programs running on the computer, looks for open shares on the network, and gets local IP address information configured on the computer.


Unfortunately, this is only one of the numerous Coronavirus-themed attacks recently observed by security researchers, below the list of the attacks observed in the last seven days.

Coronavirus-themed attacks March 22 – March 28, 2020

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase