Attackers were quick to exploit the COVID-19 pandemic, with coronavirus-themed phishing campaigns, Trojans delivering ransomware and backdoors, and other scams. Netskope Threat Labs have been keeping a close eye on the threat landscape and tracking COVID-related campaigns throughout this unprecedented time.
This blog post details a COVID-19 relief package scam that has been active since April 2020. The attacker has recently registered new domains from which they are hosting the scam. The attacker’s use of social media—leveraging victims to actively share the scam with their contacts—has contributed to the scam’s longevity. Every version of the scam is based on the same template, helping the attacker to pivot to new cloud services and hosting providers when necessary. The attacker behind this campaign has hosted multiple similar scams, each targeting victims in specific countries, with