Coronavirus Scams Are Stealing Passwords: What to Do

The Folding@home project, which since 2000 has used the CPU and GPU cycles of millions of volunteers' home and workplace computers to solve biomedical problems, recently took on another worthy cause: finding a cure for the coronavirus.

Sadly, the publicity surrounding this noble endeavor drew the worst kind of attention. According to researchers at security firm Proofpoint, online criminals are using the Folding@home coronavirus campaign to trick victims into installing malware that steals information.

The malware, with the file name "foldingathomeapp.exe," is actually a Trojan horse called "RedLine Stealer." This malware steals stored passwords, credit card numbers, and login session cookies from browsers.

RedLine Stealer also ransacks your computer to figure out your username, hardware setup, location, and what anti-virus software you are using. A new feature steals any cryptocurrency you may have stored on your machine.

To avoid falling victim to this scam, resist any offers to download Folding@home software from links in emails or social media posts. Instead, go directly to the official Folding@home download page. (There you will find that the real Windows installer is named "fah-installer_7.5.1_x86.exe.")

Make sure you are running one of the best anti-virus products to block this type of malware. Also, don't let your browser store credit card numbers or passwords for important accounts such as email, social media, banking, shopping, and financial transactions.

Instead, install and use one of the best password managers to keep track of your passwords and credit card numbers. A password manager is a much safer place than a browser to store important information.

The scam begins with an innocent-looking email asking you to help fight the spread of the coronavirus by downloading and installing Folding@home client software.

In the version of the email that Proofpoint confirmed, the subject line of the email was "Please help us fight the coronavirus," and the email appeared to be sent from someone at LiteGait, an Arizona company that manufactures physical therapy and medical rehabilitation equipment. The text of the email also included the company's alias, Mobility Research Inc.

There is no reason to believe that this company is knowingly involved in this scam. Rather, it appears that the domain name has been spoofed or hijacked.

Visiting the LiteGait site brought up scareware pop-ups and prompts to install Adobe Flash Player. After a few minutes, however, everything appeared normal, so the criminals may have only temporarily hijacked the site's DNS listing.

By the time you read this, the scammers will probably have spoofed another email domain, perhaps using a new subject line. However, they will still be trying to get you to install the Folding@home client to fight the coronavirus. Don't do it.
