Security & Privacy

Cybercriminals are preying on coronavirus fears

Posted on by

Whenever there are global news headlines that generate a lot of public interest, especially stories that may cause panic, you can bet that cybercriminals will try to leverage the situation to their advantage. Such is the case with the coronavirus (COVID-19) pandemic.

Coronavirus scams abound

Last week, the SANS Internet Storm Center reported that fraudulent e-mails have begun circulating that claim to be from the World Health Organization (WHO), with a link to a deceptive Microsoft Word document that, when activated by an unsuspecting victim, attempts to disable the built-in malware protection on Windows computers, and then attempts to download Windows malware.

Similar reports have surfaced from other malware analysis labs, detailing malicious Microsoft Office (Word, Excel, and PowerPoint) documents that attempt to infect Windows PCs.

In early March, there was even a fraud site claiming to offer a “Corona Antivirus” to allegedly “combat the virus using a mobile phone app.” Obviously, this is a ridiculous claim, but scammers will try just about anything if they think they can trick a few people into giving them money or installing malware. The earliest version of this scam site asked for donations in Bitcoin, and a later rebranding of the site instead distributed Windows malware.

At this time, we are not aware of any coronavirus-related malware specifically designed to infect Macs. We will update this article if any such Mac-infecting malware is discovered.

Aside from malware campaigns, cybercriminals have been making other attempts to defraud victims. One example is a fraudulent site that deceived victims into purchasing a supposed “WHO vaccine kit” for COVID-19—even though no vaccine actually exists at this time. The U.S. Department of Justice issued an advisory on Sunday detailing its efforts to take down the scam site.

The DOJ’s COVID-19 fraud information site ( advises:

If you think you are a victim of a scam or attempted fraud involving COVID-19, you can report it without leaving your home though a number of platforms. Go to:


• Contact the National Center for Disaster Fraud Hotline at 866-720-5721 or via email at [email protected]
• Report it to the FBI at
• If it’s a cyber scam, submit your complaint through

Intego is working hard to keep you safe

Several Intego customers have inquired about the impact of COVID-19 on our company operations and staff. Our teams around the globe are following local guidance and are safely working from home, and there has not been any negative impact on Intego operations.

Our threat hunters and analysts are constantly on the lookout for new Mac malware, including but not limited to any malware exploiting the COVID-19 situation. Users of Intego’s VirusBarrier X9 software—included with Mac Internet Security X9 and Mac Premium Bundle X9—can take comfort in knowing that Intego will protect you from any new malware threats.

If any coronavirus-related malware that infects Macs is discovered, VirusBarrier X9 users will be protected via automatic updates, and we will also update this article with additional information to keep you informed.

Where can I learn more?

You can avoid COVID-19 scams by sticking to safe, official sources of news and information, such as:

  • — U.S. Centers for Disease Control and Prevention
  • — World Health Organization

If you are among the many workers worldwide who’s having to work from home, be sure to read our tips for setting up a productive home work environment and routine, and listen to our latest podcast episode:

5 Tips for Working at Home – Comfortably and Productively

Subscribe to Intego’s e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple, security, and privacy news.

Follow Intego on your favorite social and media channels: Facebook, Instagram, Twitter, and YouTube (click the 🔔 to get notified about new videos).

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 25 years, which has often been featured by major news outlets worldwide. Look for more of Josh's articles at and follow him on X/Twitter, LinkedIn, and Mastodon. View all posts by Joshua Long →