Cybercriminals haven’t hit the brakes for COVID-19. Consider this short list of recent cyber attacks the tip of the iceberg.
Hackers are installing malware on cell phones via fake coronavirus tracking apps and fake COVID-19 maps. The malware can steal bank details, passwords and login information from the victim’s device. It can also lock them out of the phone or tablet and demand a ransom to get back in — and to prevent having all photos and contacts deleted.
COVID-19 phishing scams are skyrocketing, with hackers using fake emails to trick people into downloading harmful malware or providing sensitive personal information. One convincing email claiming to be from the World Health Organization (WHO) lures people in with tips on how to avoid contracting the novel coronavirus. Once the victim clicks on the link, they’re redirected to a site that steals their personal information. This same scam is also spreading via text messages and phone calls.
Cybercriminals are using weaknesses in WordPress plugins to get into corporate networks. That includes stealing customer credit card numbers via the WooCommerce e-commerce plugin, and distributing trojanized versions of WordPress themes and plugins (more than 20,000 WordPress sites were infected this way).
ChatBooks — a service that lets people build photo books using their Facebook and Instagram accounts — has just told its customers that hackers have stolen vast amounts of user information from their systems. Fifteen million ChatBooks user records are being sold on the dark web by a hacker group that has stolen more than 73 million user records from 11 companies including HomeChef, Tokopedia, GitHub and Chronicle.com.