Threat Actors Using Omicron COVID-19 Phishing Lures

December 26, 2021

Recently, CYREBRO has observed an increase in phishing campaigns exploiting the recently emerging ‘Omicron’ Covid-19 variant.
Threat actors are attempting to deliver malware to the victim and/or harvest the victim’s data, such as banking credentials, passwords, etc.

In recent events, threat actors have been observed impersonating national health organizations, promoting a “free PCR test” in return for personal information and a “small delivery fee payment”, to steal credit card information.

Threat actors have also been observed sending an email titled “Covid-19 Test Results”, attached with a malicious document (typically an excel spreadsheet document with a macro), which delivers the Dridex malware to the victim.

Threat actors will typically use a sense of urgency, authority, and anxiety to their advantage, this is especially so when exploiting a common fear factor such as the Coronavirus.


CYREBRO recommends informing employees regarding the ongoing increase in phishing campaigns of this type, and to remind them to be vigilant regarding any received email, text, and unknown communication in general.

  • Do not click on any suspicious links or files, especially from unknown senders.
  • Do not willingly give away sensitive and private information easily, and do not click on unfamiliar links and attachments.
  • To mitigate the possible risk of compromise, it is recommended to use strong and different passwords for each service,  and enable Multi-Factor Authentication where possible.

CYREBRO will continue to monitor the situation and will act accordingly to any development.

Source: Bleeping Computer | SecurityAffairs

Sign Up for Updates