As news of the Ebola epidemic in West Africa gathers interest globally, a group of cyber criminals have been using the disease to steal passwords via emails.
A blog post by Symantec highlights the different ways in which these criminals try to make people install viruses on their computers. One of these viruses is a part of their phishing campaign - which can be used to steal passwords and other sensitive information, the company says.
Ebola is in the news due to a severe epidemic in West Africa. The disease is not easy to diagnose and there is no known cure as of now.
Symantec's blog post details the cyber criminals' methods. Two of the campaigns try to lure unsuspecting users with fake Ebola reports as attachments. The blog post says those who download the attachments get an infection of the Trojan.Zbot malware. In the second campaign, Symantec says cyber criminals send out an email that impersonates a major telecom provider with a presentation on the Ebola virus. "An attached zip file with a title like "EBOLA - PRESENTATION.pdf.zip" actually executes Trojan.Blueso on the victim's computer," the blog post reads.
The malware is used to infect Web browsers with W32.Spyrat. According to Symantec, this virus can be used to steal passwords, payment information, record from the webcam, delete files and folders, download and upload files and even gather details on installed applications, the computer, and the operating system.
The blog post highlights another sneaky way in which criminals play on the fact that there has been talk of a drug that possibly cures Ebola. Symantec says, "In the last two weeks there has been talk of Zmapp, a promising Ebola drug still in an experimental stage."
On how victims are lured, it says, "The crooks entice their victims with an email claiming the Ebola virus has been cured and the news should be shared widely. The email attachment is Backdoor.Breutmalware."
The attackers have left no stone unturned to make their emails look authentic. They've even used CNN's brand to make people believe that the emails are genuine. Symantec's post says the phishing campaign impersonates CNN with a brief story outline on Ebola and includes links to an "untold story".
If a person clicks links given in the email, they are asked to log in on a Web page built by the criminals. If anyone enters their email credentials here, hackers gain access to their accounts.
Symantec concludes the blog post by advising caution. "Symantec advises all users to be on guard for unsolicited, unexpected, or suspicious emails. If you are not sure of the email's legitimacy then don't respond to it, and avoid clicking on links in the message or opening attachments."