COVID-19 Key Developments: March 28-April 3

Flashpoint analysts share their observations from the week of March 28 through April 3 with regards to disinformation trends and cybercrime.

New Disinformation Trends:

Misinformation and disinformation continues to spread on social media platforms and via chat services. Narratives and major developments observed by Flashpoint analysts include:

5G-related conspiracy theories:

• A new antivaxxer conspiracy narrative claims that a combination of 5G infrastructure and flu vaccines is to be blamed for the pandemic. This is an offshoot of another widespread conspiracy theory that 5G infrastructure caused the virus. The narrative saw several misleading videos and pictures, allegedly showing radiation around 5G infrastructure or schools being ordered to install 5G infrastructure, propagated online.

Some narratives have attacked the (as yet nonexistent) COVID-19 vaccine:

• A pastor of the Soldiers for Christ Community Church claimed that there is a conspiracy involving the US government that aims to make people take the “COVID19 vaccine” to kill them with it. Another version of this narrative claimed that the COVID-19 will come with “chips” that will be planted in people. Other narratives that evolved from the 5G conspiracy theory have attacked testing kits with similar arguments.

Disinformation and misinformation about possible cures continues spreading on various social media platforms:

• The antimalaria drug hydroxychloroquine (used together with azithromycin and zinc) is being considered as a possible remedy to use on COVID-19 patients. So far, tests have been inconclusive, and medical professionals have warned against overusing the drug or self-medicating with it. This has not stopped the spread of speculation and misleading content overstating the results of testing. The narrative was amplified by people with wide reach—notably US President Donald J. Trump, entrepreneur Elon Musk, and former New York mayor Rudy Giuliani who interviewed New York-based doctor Vladimir Zelenko on YouTube. Zelenko claimed that he had treated 699 patients successfully with the drug. Zelenko wrote a letter to Trump that was published by Globalresearch[.]ca, a website known for spreading disinformation.
• The shopping platform “Shopify” removed a shop that advertised ineffective materials such as Vitamin D and silver-based concoctions as COVID-19 remedies.

Competing misinformation narratives about what country allegedly caused the pandemic continued to spread online:

• A widely distributed video featuring a retired Russian general claimed that COVID-19 was invented by the “deep state” to keep the world’s population under control by killing millions of people.
• Misleading or speculative material linking the origin of the virus to Italy appeared in both in Chinese state-owned media and in the content distributed by disinformation actors seemingly backed by China. The Chinese disinformation campaign, which appears to be state-backed and centrally controlled, has used Russian-linked disinformation infrastructure but is significantly vaster than any Russian disinformation effort during the COVID-19 pandemic.

Cybercrime and Coronavirus:

• Malicious actors are taking advantage of global uncertainty and exploiting them through attack vectors that include tailored phishing lures and custom malware. Numerous domains and scampages continue to appear as threat actors leverage the pandemic to carry out various online fraud schemes.
• FireEye reporting revealed social engineering campaigns that will likely use the lure of the economic stimulus bill. FireEye predicts that financially motivated cyber actors will likely add some of the below themes to their attempts at phishing and social engineering, in order to compromise data: unemployment topics, loans for businesses of all sizes, stimulus-related checks, processing, transfers, etc.
• This expected uptick comes after mid-March, 2020 activity that saw financially motivated actors try to deploy SILENTNIGHT, also known as Zloader malware, using “COVID-19 Payment” themed emails. The digital attack surface during the coronavirus pandemic increases as more organizations work remotely.
• In addition, The Department of Justice issued emphasis on March 30, 2020, that cures, treatments, and vaccines related to coronavirus will not come via email, advertisements, or other unsolicited platforms. The emphasis was to prevent fraudsters taking advantage of potential courses of treatment.
• Researchers have identified a new malware, dubbed “CoViper, a wiper that breaks an infected computer’s boot operation, by rewriting the Master Boot Record (MBR) located on the computer’s disk.
• Threat actors have begun carrying out “Zoom raiding” or “Zoom bombing,” the practice of joining and disrupting Zoom conferences without being invited. The Flashpoint team recommends reviewing this article on Medium around staying secure on Zoom given these opportunistic threats.