Cheating injection: COVID-19 vaccines in scam campaigns

The COVID-19 pandemic has brought millions of people online. The need to reduce physical contact has shifted much of daily life to the internet, increasing humanity's dependence on online platforms. Large-scale fraud campaigns have flourished on this growing trust in online platforms, and vaccines have become one of their most popular news hooks. In this post, we cover malware, spam, phishing schemes, and sites related to COVID-19 vaccines.





Spam campaigns

We recorded spam campaigns using the COVID vaccine theme as early as Q1 2020, even before the global lockdown. The first to move were the operators of the Emotet, Fareit, Agent Tesla and Remcos malware.





Emotet

The spam campaign spreading this malware began just after the New Year and targeted the healthcare, manufacturing, banking and transportation industries in the United States, Italy and Canada. More than 80 different variants of malicious documents, attached to emails, were used to spread the Trojan. Their file names contained the word "COVID" as the main attention hook:





  • Daily COVID reporting.doc
  • DAILY COVID-19 Information.doc
  • NQ29526013I_COVID-19_SARS-CoV-2.doc
  • GJ-5679 Medical report Covid-19.doc





Here are some of the subject lines that potential victims have received:





  • COVID-19 Vaccine Survey;
  • RE: RE: COVID-19 Vaccine Clinic with Walgreens To Do Now;
  • Re: #TuOficinaSegura. Pfizer anuncia Vacuna contra el Covid. Novedades Oficinas YA! 10 de Noviembre de 2020.





, 33 . , .





Fareit

, , FTP. -, , :





  • Corona-virus(COVID-19),Common vaccine;
  • Corona-Virus Disease (COVID-19) Pandemic Vaccine Released;
  • Latest vaccine release for Corona-virus(COVID-19).





COVID:





  • Corona-virus vaccine.arj
  • COVID-19 VACCINE SAMPLES.arj
  • COVID-19 Vaccine.arj
  • vaccine release for Corona-virus(COVID-19)_pdf.rar
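A mail-gateway triage heuristic built from the Emotet and Fareit subject lines and attachment names listed above, given here as an added example (it is not code from the original article or from Trend Micro). The keyword pattern, the extension sets, the reason labels and the `triage` function are assumptions, and the subject/attachment pairings in the samples are constructed.

```python
import re
from pathlib import PurePosixPath

# Assumed keyword pattern, derived from the lure names quoted in the article.
THEME = re.compile(r"covid|corona[\s-]?virus|sars-cov-2|vaccin|vacuna", re.I)
# Assumption: archive containers that many gateways do not unpack (.arj and .rar appear above).
ARCHIVES = {".arj", ".rar", ".zip", ".7z", ".ace"}
# Pre-OOXML Office formats, which can carry macros (.doc appears above).
LEGACY_OFFICE = {".doc", ".xls", ".ppt"}
# A document type spelled at the end of the name, before the real extension ("..._pdf.rar").
DISGUISE = re.compile(r"[ ._-](pdf|docx?|xlsx?|jpe?g|png)$", re.I)


def triage(subject, attachments):
    """Return a sorted list of reasons to sandbox the message; empty list means pass."""
    reasons = set()
    themed_subject = bool(THEME.search(subject))
    for name in attachments:
        path = PurePosixPath(name.strip())
        ext = path.suffix.lower()
        # The lure theme may sit in the subject, the file name, or both.
        if not (themed_subject or THEME.search(path.stem)):
            continue
        if ext in ARCHIVES:
            reasons.add("themed-archive")
            if DISGUISE.search(path.stem):
                reasons.add("disguised-extension")
        elif ext in LEGACY_OFFICE:
            reasons.add("themed-legacy-office")
    return sorted(reasons)


# Constructed sample messages: the strings are quoted in the article,
# the pairing of subject and attachment is made up for the example.
SAMPLES = [
    ("COVID-19 Vaccine Survey", ["Daily COVID reporting.doc"]),
    ("Latest vaccine release for Corona-virus(COVID-19).",
     ["vaccine release for Corona-virus(COVID-19)_pdf.rar"]),
    ("Corona-virus(COVID-19),Common vaccine", ["COVID-19 VACCINE SAMPLES.arj"]),
    ("Q3 budget review", ["budget.xlsx"]),  # constructed benign message
]

if __name__ == "__main__":
    for subject, names in SAMPLES:
        print(f"{subject!r} -> {triage(subject, names) or 'pass'}")
```

A themed message with an ordinary attachment type (for example a `.pdf`) returns no reasons, so the heuristic is a sandbox-routing signal, not a verdict.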





An example of one of the malicious emails sent by Fareit operators. Source (here and below): Trend Micro

. Fareit , , , , .





, , Lokibot, Agent Tesla, Formbook, Remcos, Nanocore.





2020 Zebocry , Sinopharm, COVID-19. (VHD), : PDF Sinopharm Microsoft Word .





  , , , . . (NHS). .





Phishing email purporting to be from the NHS, inviting the recipient to get vaccinated

, «» « », , , , . , , .





, , Chopo. .





Phishing site of "Chopo medical laboratory"

, , , , . «» , . , 2700 ( 130 ). : , Facebook WhatsApp .





, 2020 , : , ; HTML- .





A phishing email with a "sales pitch" for vaccine transport equipment

, . . , . 20  , « » — 60  .





SMS-, . , , . , , , .





2020 DomainTools , COVID-19. Trend Micro Smart Protection Network, 75 000 , , .





2021 «». DomainTools, 2020 . 2020  «covid» . 1000  «». , 2020 . 100 , :





  • Gam-COVID-Vac
  • BioNTech’s BNT162 vaccine (COVID-19 mRNA vaccine)
  • EPI - VAK - KORONA
  • PiCoVacc
  • Sputnik V





-, , , , . , . , , - .





Fraudulent vaccine website

, . , , , , .





. .





Discussion of the coronavirus vaccine on one of the Darknet sites

Facebook Telegram. Telegram- 4 .    .





Telegram channel offering to buy any vaccines with delivery

, Delta Express.





, . , . ? , - .





, , , , , «» Pfizer «-V».





- , , . :





  • , ;





  • , , COVID-19 , , — ;





  • — , , — , , , ; ;





  • : - .





, - Trend Micro Check — , , , , . 2   3   .







