COVID-19: CYBERSECURITY WATCH #3 – April 2nd, 2020

In light of the current health crisis, the CERT of (CERT-DS) will implement a monitoring and alert system linked to the impacts and consequences of COVID-19 on cybersecurity. This monitoring, which can be shared freely, is intended to:

  • Identify the biggest threats to computer systems;
  • Share the resources and tools necessary to grasp and prevent ISS risks;
  • Highlight the best digital practices to adopt in the face of this crisis.

Each week’s main news items are grouped into four categories: Threats, Fraud, Useful Resources and Other News.

  • Threats” include malware, phishing and ransomware campaigns, as well as cyberattacks on major infrastructures;
  • Fraud” includes scams and fake news;
  • Useful Resources” refers to the information and tools needed to deal with this health crisis;
  • Other News” combines a variety of information such as government measures taken in the area of cybersecurity.


Attack: Banking Trojan Zeus Sphinx resurfaces under cover of COVID-19
Method: Phishing campaign
Target: The financial and banking sectors (United States, Canada and Australia)
Publication date: Marth 30th, 2020
Description: After three years of absence, this banking malware resurfaces under the theme of coronavirus. This phishing campaign uses e-mails that contain malicious documents designed to look like documents containing information about government emergency payments.


Attack: Routers targeted by DNS hijackings to redirect victims to fake COVID- 19 related websites
Method: Bruteforcing
Target: Home and small business routers including Linksys and D-Link (users in the US, France and Germany)
Publication date: March 25th, 2020
Description: Hackers use DNS hijacking to redirect users to fake sites that usurp WHO’s e-mail system. Users are then prompted to download an application that secretly installs a new variant of the Oski malware.


Attack: Phishing campaign makes Internet users believe they have been exposed to COVID-19
Method: Phishing
Target: Mail
Publication date: March 29th, 2020
Description: E-mails claiming to come from a local hospital make its victims believe they have been infected by one of their acquaintances, in order to induce them to download an emergency contact form hiding a malware.


Attack: Malware hosted by fake Zoom applications 
Method: Malware/Spoofing
Target: Users of the video conferencing application Zoom
Publication date: March 30th, 2020
Description: Victim of its own success, the video conference app Zoom has become the target of hackers who are taking advantage of its popularity to create fake domain names imitating the original site, or fake applications that lead to the installation of the InstallCore malware. 



Attack: Closure of various fraudulent websites offering COVID-19 protection equipment
:  Neutralization of French servers
Surface/Application: Websites such as “” and “”.
Publication date: March 31st, 2020
Description: Seven fraudulent sites were closed by the “gendarmerie de l’Office central de lutte contre les atteintes à l’environnement et à la santé publique (Oclaesps)”. The scammers claimed that their sites had closed down and then promised customers a quick refund.


Attack: Third-party Android application developers used keywords related to the COVID-19 theme to be featured in “trending” and install malware
: Download the application
Surface/Application: Android, Google Play
Publication date: March 31st , 2020
Description: These applications use keywords related to coronavirus to be in the top ranking of downloaded applications and have more credibility. These applications include pandemic trackers or applications capable of detecting the symptoms of the virus.


Attack: Russia suspected of being at the helm of several disinformation campaigns
Attackers: Russian and pro-Kremlin state media
:  Misinformation campaigns related to COVID-19
Publication date: March 23th, 2020
Description: An EU report obtained by Reuters accuses media close to the Russian government of spreading fake news within Western societies affected by the epidemic; the allegation is backed by the United States and rejected by the culprit. 


Attack: Illegal sale of facial recognition data of masked faces in China
: Trafficking of personal and biometric data
Surface/Application: Hacking into local or office surveillance systems
Publication date: March 31st, 2020
Description: Facial recognition algorithms are trained to analyze masked faces during epidemics and some of the data collected has leaked out and been sold on hacker forums for less than 10 cents.


Useful ressources

Resource type: 400 cybersecurity experts rally to fight cybercriminals behind coronavirus-themed attacks
Target: Health centers / communications networks
Publication date: March 27th, 2020
Description: The « COVID-19 CTI League » was created to counter cyberattacks targeting health centers as well as phishing campaigns, both of which are on the rise since the beginning of the outbreak.


Resource type: A wealth of apps and services are free during the COVID-19 health crisis
Target: Cybersecurity firms, the health sector…
Publication date: March 30th , 2020
Description: A website lists each cyber-related initiative for the digital industry as well as for companies whose employees work remotely. 


Resource type: COVID-19 (Coronavirus) Global Online Phishing & Scams Dashboard
Target: Companies and individuals
Publication date: February 2nd,  2020 (live updates)
Description: A live dashboard tracks all the scams, frauds and phishing campaigns related to the coronavirus.


Others news

Country: Belgium (Brussels)
Subject: European telecom operators will provide the European Commission with their clients’ geo-tracking data
Publication date: March 27th, 2020
Description: With the objective of mapping the population’s moves throughout the current health crisis, the European Commission will use individuals’ geo-tracking data gathered by telecom companies operating their smartphones.


Country: United Kingdom
Subject: The Information Commissioner’s Office (ICO) authorized the local police to exploit phones’ geo-tracking data to fight coronavirus
Publication date: March 31st, 2020
Description: The data would be used to monitor people’s moves, in order to track the virus propagation and help enforce confinement measures.


Country: Russia
Subject: Moscow will use QR codes to limit outings and enforce confinement measures
Publication date: March 31st, 2020
Description: As China did, Russia will implement QR codes to monitor outings throughout the confinement period.


Country: France
Subject: An app grants people a time-slot for grocery shopping to avoid congestion in supermarkets
Publication date: March 31st, 2020
Description: « OpenTable » allows customers to « book » a slot to go grocery shopping in order to prevent them from waiting in lines outside the store due to the social distancing measures taken by the government.


Country: the United States
Subject: Apple is launching an app and a website that facilitate the detection of coronavirus-related symptoms
Publication date: March 30th, 2020
Description: In collaboration with the task force appointed by the White House, the American giant has set up a screening tool in the form of an online form, alongside the provision of trusted information about the coronavirus.

Back to the previous newsletters of CYBERSECURITY WATCH #1 & #2