Covid-19: Fake NHS website is duping users into downloading malware
The hackers, as per the report, are targeting people searching for Covid-19 related health tips on UK’s health service website.
Coronavirus-related scams have been on a rise ever since the Covid-19 pandemic disrupted. In the past couple of weeks, a number of reports have detailed how malicious scammers are attacking netizens looking for information about the outbreak. Now a new report details how hackers are using a fake health site for duping users into giving up their personal and financial information.
According to a report by Kaspersky (via Daily Mail), hackers are using a fake National Health Service (NHS), which is the UK's health system tricking users into downloading malware and trojans on their devices.
The hackers, as per the report, are targeting people searching for Covid-19 related health tips on UK's health service website. When a user clicks on a link on the fake NHS website, a malicious piece of code, in this case, a trojan is downloaded on the victim's system which then seals passwords, user IDs and financial information and sends them to the attackers.
As per the report, hackers have attached malicious code to three hyperlinks on the fake NHS website. This includes How to avoid infection, Advice about staying at home and Use the 111 Coronavirus service. When a user clicks on one of these links, a pop-up window asks them if they want to save a file called 'Covid-19'.
When the users click on the 'Save File' option, a file containing a stealer trojan is downloaded on their system. This trojan then steals passwords, credit card data and other important information from the victim's system and sends it to the cybercriminals.
"We are seeing a spread in COVID-19 messaging to trick people into opening malicious links or attachments and downloading malware," Yury Namestnikov, head of Kaspersky's Global Research and Analysis Team said in a statement to the publication.
The cyber security firm recommends frequently installing OS updates and using complex passwords for various online accounts for preventing such attacks.