Skip to navigationSkip to content
GOING DARK

Concern for coronavirus victims evident even among cybercriminals in dark web forums

Coronavirus scams abound online.
REUTERS/Dado Ruvic
Scams linked to Covid-19 still abound, though.
  • Justin Rohrlich
By Justin Rohrlich

Geopolitics reporter

As the coronavirus pandemic continues to spread across the world, authorities have seen a simultaneous outbreak of opportunistic cyber scams.

The US Cybersecurity and Infrastructure Security Agency, which is part of the Department of Homeland Security, issued a warning earlier this month about online fraud having to do with Covid-19.

“Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes,” it said. “Exercise caution in handling any email with a Covid-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to Covid-19.”

Digital Shadows, a cyber threat intelligence firm with offices in the US, UK, and Singapore, has been monitoring the dark web forums where cybercriminals buy, sell, and trade ideas. Researchers discovered one user on a Russian-language site offering malware that would be installed on victims’ computers via an email attachment mimicking a map of the coronavirus’s spread from the Johns Hopkins University Center for Systems Science and Engineering. Prices started at $200.

Another phishing campaign, which first emerged in late January, targeted people in Japan with fake health alerts that in fact planted malware on users’ machines to steal their personal information. In Italy, where the coronavirus has now killed more than 4,000 people, a similar online swindle used emails that looked like they were from the World Health Organization to infect computers with a banking trojan called Trickbot.

But, according to Digital Shadows analyst Alex Guirakhoo, “exploitation is not the universal reaction.”

“As we’ve seen time and time again, cybercriminals will find ways to take advantage of people’s fears and uncertainties in the wake of major disasters and emergencies,” Guirakhoo wrote in a blog post. “However, the gravity of the Covid-19 pandemic has shown some benevolent reasoning has emerged on some platforms that are typically used for crime: Users urging others to avoid taking advantage of an already dire situation.”

In an English-language dark web cybercriminal forum called Torum, Guirakhoo found a user known as “L-47” who joined “seemingly with the express intent to provide first-hand information on the impact of the virus in Spain and Germany.” Another user “appeared concerned about the supposed lack of activity from forum members.” In forums used to trade stolen, or “cracked,” credit cards and bank accounts, Guirakhoo observed off-topic posts created by users in support of those suffering in Italy, with pleas to fellow members to take care of the at-risk and elderly.

“Right now, there are so many reports of cybercriminal activity surrounding the Covid-19 pandemic that it took me by surprise to see something other than that,” Guirakhoo told Quartz. “A sense of community is apparent on these forums, as people find comfort in having a sense of anonymity and the freedom to say or do whatever they want. It’s a weird way of thinking about a cybercriminal platform, and it reminds me of a recent example on the forum ‘Envoy,’ which recently added a new section dedicated to suicide awareness and harm reduction, providing resources to help those in need.”

It’s easy to forget that cybercriminals are human beings susceptible to the same kinds of emotions and environmental stresses as everyone else, explained Guirakhoo.

“There’s a tendency to think of the dark web as this vast, mysterious place, when in reality it’s a lot more familiar than we realize,” he said.

However, Guirakhoo cautioned that while some cybercriminals may appear sympathetic with coronavirus victims, many continue to try to take advantage of the situation.

“It’s important not to forget that and let your guard down,” he said. “Cybercriminal activity like this is almost guaranteed to continue as the pandemic progresses.”

📬 Kick off each morning with coffee and the Daily Brief (BYO coffee).

By providing your email, you agree to the Quartz Privacy Policy.