CERT warns against malware being sent through email

COLOMBO (News1st): Sri Lanka's national centre for cyber security (CERT) has warned email users on receiving malware that could steal data including personal information.

"With COVID - 19 crisis, cyber criminals are busy scamming and delivering malware using the attention-getting virus as a lure," CERT said in a statement.

The cyber security centre, citing an advisory of the United States Secret Service said, cybercriminals are using a two decade old Microsoft Office memory corruption vulnerability to send malware. The malware could steal credentials and personal information, and cause a user to lose control of their machine, CERT stated. It added that if the same password is used on other applications or computers in the same network, all devices could get comprised. "An attacker will send a phishing email disguised as coming from a hospital," the statement read. CERT warned that the e-mail contains malware infected attachment mostly microsoft office documents such as excel files and word documents. "There are chances that the attacked could send an email with .EXE file disguised as an PDF file," CERT noted. It added that the PDF file can fool recipients into believing that they were opening a PDF filed containing a list of needed supplies.