COVID-19 inspires Nigerian scammers to launch waves of BEC campaigns

Nigerian cybercriminal actors are shamelessly exploiting the COVID-19 pandemic to infect government health care agencies, academic medical programs, medical publishing firms and more with malware, largely for the purpose of conducting Business Email Compromise operations.

In a company blog post, researchers with Palo Alto Networks’ Unit 42 threat intelligence team have reported observing three prominent actors launch a total of 10 coronavirus-themed BEC phishing campaigns between January 30 to April 30. Local utilities and utilities have also been among the targets of these scammers, whom collected Unit 42 refers to as SilverTerrier.

Unit 42 has tied eight campaigns directly or indirectly one single Nigerian actor who has used a variety of phishing email content disguised as official COVID-19 updates and information to distribute the remote access trojans/spyware Agent Tesla and NanoCore, and the LokiBot information stealer.

The researchers also identified two distinctly separate campaigns — one associated with the name Alhaji that also favored LokiBot for stealing information, and another going by name Black Emeka that used PowerShell to download malicious executable files onto victims’ machines.

Typically in BEC scams, the attackers impersonate or spoof legitimate individuals, organizations, employers or business partners in order to trick employees at an organization into revealing sensitive data or transferring funds into a malicious bank account.