Thousands of Coronavirus-related malicious domains are being created every day

The Coronavirus-themed attacks continue to increase, experts warn of thousands of COVID-19 scam and malware sites are being created every day.

Crooks and nation-state actors continue to exploit the interest of potential victims in the Coronavirus outbreak.

In recent weeks, we observed that threat actors are creating thousands of coronavirus-themed websites on a daily basis.

The sites are employed in a broad range of attacks, including phishing attacks, frauds, and malware-based attacks.

Since February, we are observing thousands of new Coronavirus-related domains containing keywords like Coronavirus, COVID19, COVID, pandemic, vaccine, virus.

The security researcher who goes online by the name of DustyFresh is one of the experts that monitored the alarmin trend.

I started seeing a lot of scams and malware related to COVID-19, so I created a feed that is updated every 30 seconds if a new COVID-19 related hostname is discovered in certificate transparency logs.— dustyfresh (@dustyfresh) March 14, 2020The experts published a list containing thousands of COVID19-related domains created between March 14 and March 18, most of them potentially malicious.

The list only analyzed sites containing the word “coronavirus,” clearly extending the search for other terms (i.e. COVID19, vaccine, etc.) and to a longer period, we can find tens of thousands similar websites.

A similar research was conducted by researchers from security firm RiskIQ that shared several lists of COVID19-related malicious domains.

Attacks using #COVID19 are reprehensible. Unfortunately, they’re now rampant. To enable the research community, we’re providing lists of newly observed infrastructure matching coronavirus themes. Apply code COVID19 in @PassiveTotal for 30 days of access:— RiskIQ (@RiskIQ) March 16, 2020Data reported by RiskIQ are disconcerting, the experts observed more than 13,500 suspicious domains on March 15 and more than 35,000 domains on March 16.

ZDNet proposes a dashboard, which aggregates RiskIQ’s feed and lists domains in real-time, as they’re being discovered.

Security experts from Trend Micro also published an interesting analysis of Coronavirus-themed attacks, they observed a notable increase in domain names using the word “corona.”

259 .COM domain names with the keyword “corona” have been newly registered or updated in the last 24-48 hours.— Jeremiah Grossman (@jeremiahg) March 2, 2020

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
catch (error) {}

Pierluigi Paganini

(SecurityAffairs – COVID19, hacking)

The post Thousands of Coronavirus-related malicious domains are being created every day appeared first on Security Affairs.