Sick and tired: Ebola malware making the rounds


What are your chances of contracting Ebola, the awful haemorrhagic fever spreading through West Africa? Despite recent media coverage, the answer is extremely low, since the virus isn’t airborne. As a recent Vox article points out, you’re far more likely to be a victim of “tip-over”, which is what happens when heavy furniture or appliances fall down and kill you — 30 people per year in the United States die from this “threat”.

Public perception, meanwhile, holds fast that Ebola is coming, and coming soon. So it’s no surprise that a group of hackers has been leveraging Ebola panic to spread new malware — that’s right, humanity is just as bad as you always imagined. Here’s what to watch out for.


According to The Verge, scammers are using several legitimate-looking sources in an effort to make you open malware-laden emails. The most worrisome supposedly come courtesy of the World Health Organization (WHO) and claim to be “safety tips” for combating the spread of Ebola. These emails likely contain a variant of the DarkComet Remote Access Trojan (RAT), which gives attackers access to your files, webcam, passwords and just about anything else on your computer. What’s more, it can hide from most antivirus programs.

Other emails are coming from “the Mexican government”. Apparently, Mexican officials are so concerned about the Ebola patients in nearby Texas that they’re spamming American users with emails about how to “cure” the disease. These come with detailed instructions on how to enable the macro function of Microsoft Word, which is then used to download a malware attachment. Not content with just hacking your computer, these attackers are making you do some of the work.

Also interesting is how perfectly many of the email subject lines capture current Ebola fears. For example:

  • What you really need to know about the deadly Ebola outbreak
  • SHOCKING Health Alert: Secret Cure for Ebola?
  • CDC Alert: 1.4 Million EBOLA Victims by January?
  • First GMO Foods, now Ebola. What Obama doesn’t want you to know

Luckily, security firm Trustwave says this malware campaign is fairly low-volume, but that doesn’t change facts: users are sick and tired of being scammed.

Perpetually Terrible

And guess what? This isn’t the first time attackers have used tragedy and disease to steal passwords and other personal data. In March, scammers leveraged public interest in the disappearance of Malaysia Airlines flight MH370, creating fake Facebook posts that claimed the plane had been recovered in Bermuda. When users clicked on a video purporting to show the dramatic rescue, they were redirected to first “like” the hackers’ page and then download a video viewer which was — you guessed it — malware.

In 2009, attackers created an email campaign centered around the H1N1 outbreak. Users received notification that they’d been chosen for a government vaccine program and were then directed to a legitimate-looking CDC website where they gladly entered all sorts of personal information. And in 2005, Bird Flu panic led to a malware attack using Word documents that supposedly contained critical information about the epidemic. When opened, the document installed the Ranky-FY Trojan, which enabled malicious actors to control any infected computers.

Lock it Down

With scammers always on the lookout for the next big panic, how do you stay safe? First off, do yourself a favor and start running a secure VPN whenever you connect. Sure, it won’t protect you from clicking on something ridiculous, but it severely handicaps attackers looking to spy on what you do online and then create a behavior-based phishing attack. Maybe you live in Texas; maybe you are concerned about Ebola and want to know more, but don’t give that away to malicious attackers: lock down your connection and encrypt your data.

Also, don’t open anything that contains the words “SHOCKING”, “ALERT” or, for good measure, “OBAMA” in the subject line. If you’re curious about what’s contained in the email, do a quick search — you’ll either turn up useful information or get warned off because it’s a scam.
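The subject-line rule above, layered with the two other traits this post describes (instructions to enable Word macros, and Word attachments), written as a mail-triage check. This is an added example, not part of the original post; the macro-coaching regex, sender address and file names are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject words the article says to distrust.
LURE_WORDS = re.compile(r"\b(shocking|alert|obama)\b", re.I)
# Body text coaching the reader to turn on Word macros (pattern is an assumption).
MACRO_COACHING = re.compile(r"\benabl\w*\s+(?:the\s+)?macros?\b", re.I)
WORD_EXTS = (".doc", ".docm", ".dot", ".dotm")

def triage(raw: str) -> list:
    """Return the reasons a raw RFC 5322 message resembles the lures described."""
    msg = message_from_string(raw, policy=policy.default)  # decodes RFC 2047 headers
    reasons = []
    hit = LURE_WORDS.search(str(msg["Subject"] or ""))
    if hit:
        reasons.append(f"subject lure word: {hit.group(1).upper()}")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None and MACRO_COACHING.search(body.get_content()):
        reasons.append("body asks reader to enable macros")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(WORD_EXTS):
            reasons.append(f"Word attachment: {name}")
    return reasons

def build_sample(subject: str, body: str, attachment=None) -> str:
    """Build a constructed test message; addresses and bytes are placeholders."""
    m = EmailMessage()
    m["From"] = "Health Tips <tips@example.com>"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder, not a real document",
                         maintype="application", subtype="msword",
                         filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    # Subjects are quoted from the list earlier in this post; bodies are constructed.
    print(triage(build_sample("SHOCKING Health Alert: Secret Cure for Ebola?",
                              "To view the cure, enable macros in Microsoft Word.",
                              "cure.doc")))
    print(triage(build_sample("What you really need to know about the deadly Ebola outbreak",
                              "Safety tips attached.", "Tips.DOC")))
```

The second sample uses one of the subject lines listed earlier that contains none of the three words, so only the attachment check catches it.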

Want to stay safe? Secure your connection, don’t take scammer bait — and maybe stay away from large, precariously-balanced televisions.

ExpressVPN is dedicated to your online security and privacy. Posts from this account will focus on company news or significant privacy and security stories.