e-Crime threat actor Mummy Spider has been observed capitalizing on the current Coronavirus scare by using the outbreak as a phishing attack theme. The attackers have crafted official looking emails in an attempt to lure unsuspecting victims into opening a document infected with Emotet:
The emails falsely claims that there are reports of coronavirus patients in the Gifu, Tottori and Osaka prefectures in Japan, urging victims to read an attached Microsoft Word document which contains the Emotet trojan. The messages are particularly dangerous because they were made to look like official government emails, equipped with legitimate addresses, phone numbers and emails.
The emails have predominantly been composed in native Japanese language, and have spoofed a number of prefectural governments across Japan, to include the Kyoto Prefectural Yamashiro Minami Public Health Center.
Malicious actors, especially e-crime adversaries, often use current events in spear-phishing campaigns. Playing on peoples fears is quite common, and leveraging official-looking communications make these campaigns difficult for the average citizen to discern between what is true and what is fake.
If you are a recipient of these types of emails, before opening any attachments ask yourself the following question: did I provide my email address to the Ward Office or City Hall?
If the answer is no, then quite obviously do not open the attachment because it is most likely malicious.
If the answer is yes, then cross-reference the communication with what is listed on their web site, or even call to check if this is valid. Local governments will generally not inform their inhabitants via email with a requirement to open an attachment. They will generally post important information on their web site, and social media accounts, as email cannot be trusted. Even in Japan.
As a general rule, never open an unsolicited email attachment unless you are one-hundred percent sure of its authenticity.