Spoofing the Small Business Administration (SBA): One Scam, Many Purposes

Since it began, the COVID-19 pandemic has created a multitude of opportunities for threat actors looking to make quick money, distribute malware, and steal credentials. One popular attack vector that attackers keep returning to is the Small Business Administration (SBA) COVID-19 relief loan.

Here’s a look at how cyber crooks exploited COVID-19 relief loans for their own malicious ends.

A channel to distribute malware


Attackers leveraged fake SBA relief loans as a lure to distribute malware, such as GuLoader, Zeus Sphinx, SILENTNIGHT banking malware and Remcos RAT.
The malware was delivered as email attachments in messages disguised as coming from either the U.S. Government SBA (SBA.gov) or organizations that distributed the COVID-19 relief funds.
These emails were designed so that criminals could load malware of their choice without being detected by antivirus software.
Moreover, a survey conducted by IBM in April revealed that close to 40% of small business owners had received at least one email purporting to come from SBA officials. The actual purpose of these emails, however, was to deploy malware on user devices.

A giveaway for phishing attempts 


The second wave of SBA phishing attacks is primarily used to collect credentials and other personal information from victims.
Lately, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released an