View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Coronavirus-Related Domain Registrations Rise 6,000 in a Week

Coronavirus-themed malware discounts proliferate on the Dark Web

By claudia glover

More than 6,000 Covid-19 and coronavirus-related web domains have been registered in the past week, security researchers say, with large numbers of them malign.

According to a report released by software company Check Point, in the past three weeks alone, more than 2,200 of these new sites were found to be suspicious and 93 were confirmed as malicious and dangerous to visitors.

Since the beginning of January, when the initial outbreaks were being reported, over 16,000 new coronavirus-related domains have been registered.

What Should You Be Looking Out For?

Many of the malign domains are trying to attract those panic-buying.

Two that have been found to be malicious are “” and “”. (Dear readers, please don’t visit them…)

Many are delivering ransomware to endpoint devices. CovidLock is a typical example.

Covid-Lock seizes control of the device by luring the victim into enabling accessibility to up to date Covid-19 statistics. A lock screen will then appear with a message that threatens the wiping of their device unless they pay $300 in bitcoin.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Read This! Israeli Gov’t Approves Phone-Tracking to Combat Coronavirus, Enforce Quarantine

­Alex Guirakhoo, a strategy and research  analyst at Digital Shadows outlined these dangers to Computer Business Review:

“Domain impersonation is rife and criminals will always seek to capitalise on a crisis. Domains can be bought for around a £1 or even less sometimes with likely no checks from the provider. Whilst many organisations will probably use a common top level domain such as .com .org or .gov, wannabee criminals could purchase something like “.io” and use this to lure unsuspecting people to a malicious website or use that domain for phishing exercises.

“Many of these malicious domains are impersonating the World Health Organisation and healthcare organisations. Domains like these can be used to spread misinformation, host phishing pages, impersonate legitimate brands, and sell fraudulent or counterfeit items”.

Read This! Trend Micro Offers Six Months’ Free Use of Endpoint Protection Software

January’s Global Threat Index showed that cyber criminals are exploiting interest in the pandemic to spread malicious activity, with several spam campaigns relating to the virus.

From January there have been 41,500 spam emails about coronavirus or Covid-19, with malicious links in them targeted at email addresses registered within the UK, according to a report released by server and cloud security developer Trend Micro. This is almost a third of all malware attacks within Europe, the Middle East and Africa.

Where do Threat Actors Get the Tools?

The dark web has also been alive with coronavirus related activity. Special offers by different hackers promoting their goods, usually malicious malware or exploit tools, are being sold over the dark net under offers with COVID-19 or coronavirus as discount codes, targeting wannabe cyber-attackers.

Examples of these were released by cybersecurity company Digital Shadows yesterday. One reads: “Corona Virus Discount! 10% off ALL products” another showcasing goods at special rates called “WinDefeder bypass” and “Build to bypass email and chrome security”.

In the past month alone, there has been a 738 percent increase in the number of COVID-19-related terms on dark web sources.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.