Cyber criminals used fake NHS website to distribute infostealer malware

Cyber criminals are using a spoofed copy of the NHS website to lure Internet users into downloading malware that is designed to steal passwords and credit card data from browsers and device files.

Security researchers at Kaspersky recently discovered the fake NHS website, which used fonts, language and an interface very similar to those on the genuine NHS website. The fake website advised visitors to download instructions that included advice about staying at home, how to avoid infection, and how to use the 111 Coronavirus service.

Kaspersky researchers discovered that once a user chooses to download instructions from the fake NHS website, the site delivers password-stealing malware disguised as “covid19.exe” that is capable of stealing passwords and credit card data from browsers, files and other data stored on the victim’s computer. Worryingly, the malware can also download additional malware onto the host device if commanded by cyber criminals to do so.

“This particular piece of malware is able to steal saved passwords, credit card data, cookies from lots of popular browsers and cryptowallets files. It also can take a screenshot and gather system information. All of this data is then packed and sent to the cybercriminals,” Kaspersky warned.

The firm recommends that, even if Internet users are tricked by cyber criminals into downloading harmful malware, they can protect their devices from infection by using reputable Internet security products, regularly updating their operating system and applications, using complex and unique passwords for different online accounts, not clicking on links in unsolicited messages, and making regular backups of their data.

If you observe any fake website masquerading as a genuine one and asking users to download suspicious files or enter their personal information, you can report the website to the National Cyber Security Centre at

The new ‘Suspicious Email Reporting Service’ was launched by NCSC earlier this week in response to cyber criminals exploiting the COVID-19 crisis to defraud people into downloading malware or sharing their personal information. Within a day of launching the service, NCSC received over 5,000 complaints concerning suspicious emails and successfully shut down 83 malicious web campaigns.

“The immediate take-up of our new national reporting service shows that the UK is united in its defence against callous attempts to trick people online. While we have not seen a rise in email scams in the last month, coronavirus is the top lure currently used to conduct cyber crime, exploiting public unease and fear of the pandemic,” said Ciaran Martin, chief executive officer of NCSC.

“We hope the success of the Suspicious Email Reporting Service deters criminals from such scams, but if you do receive something that doesn’t look right, forward the message to us – you will be helping to protect the UK from email scams and cyber crime,” he added.

Copyright Lyonsdown Limited 2021
