Researchers from cybersecurity company Group-IB analyzed hundreds of coronavirus-related phishing emails between February 13 and April 1, 2020. As per the report, 65% of spyware was the most common malware class hiding in fraudulent COVID-19 emails. Most COVID-19-related phishing emails had different spyware strains embedded as attachments. AgentTesla, NetWire, and LokiBot were the most actively exploited malware families.
The emails were masked as advisories, purchase orders, face mask offers, and safety recommendations from World Health Organization (WHO), UNICEF, and other international companies such as Maersk, Pekos Valves, and CISCO.