We hope not, because “My Health E-book” is a phishing scam by some world hacker organizations.

The number of scams, threats, and malware campaigns taking advantage of public concern over the coronavirus pandemic is increasing each day.

Recently, threat actors were discovered by the MalwareHunterTeam to have used a fake ebook as a lure, claiming that the “My Health E-book” includes complete research on the global “corona-virus” pandemic, as well as guidance on how to protect children and businesses.

The criminals behind this scheme try to trick victims into opening the attachment, contained in a zip file, by offering teaser content within the body of the email, including text such as:

Guidance to protect children and business centre;

This guidance provides critical considerations and practical checklists to keep Kids and business centre safe. It also advises national and local authorities on how to adapt and implement emergency plans for educational facilities.

Critical preparedness, readiness and response actions for COVID-19;

WHO has defined four transmission scenarios for COVID-19 . My Health E-book describes the preparedness, readiness and response actions for each transmission scenario.

The email content goes on to tell readers that they can download and access the e-book from Windows computers only.

Instead, as soon as they execute the file inside the MyHealth-Ebook.zip archive, malware will be downloaded onto their computers. As seen in the previous wave of spam, the malicious code is for a downloader called GuLoader.

GuLoader is used to load the real payload, an information-stealing Trojan called FormBook, stored in encoded format on Google Drive. Formbook is one of the most popular info-stealers, thanks to its simplicity and its wide range of capabilities, including swiping content from the Windows clipboard, keylogging, and stealing browser data. Stolen data is sent back to a command and control server maintained by the threat actors.

While the threat actors are improving on the campaign’s sophistication by building reputable-sounding content within the body of the email, a closer examination reveals small grammatical errors, such as: “You are now receiving this email because your life count as everyone lives count.”

Right off the bat, the incorrect use of a hyphen in “coronavirus” in the subject line could tip off users with a critical eye for grammar. However, since WHO are often touted as a trustworthy and authoritative resource, many will be tempted to open the email. This, combined with other minor formatting and grammar mistakes, as well as a mix-and-match selection of fonts make this clever phishing scheme, upon closer examination, a dud. Still, many have fallen for far more obvious ploys.

With a huge swatch of the population now confined to their homes but working remotely, the risk of infecting a highly distributed network is increasing. That is why it is more important than ever to use a discerning eye when opening work or personal emails, as employee negligence is one of the top indicators for successful cyberattack/data breach.

Bookmark