A new spear-phishing attack using the World Health Organization (WHO) trademark to lure users has been discovered by researchers at FortiGaurd Labs. The researchers first observed the COVID-19 themed scam on March 27, reporting that threat actors have created a new spearphishing email campaign that spreads the LokiBot trojan. The email claims to be from WHO and states that it addresses misinformation related to the pandemic in the email.

However, the email instead contains a malicious attachment that installs the LokiBot information-stealing trojan on the victim’s device. Although the message, which is written in English, has some legitimate characteristics, it is clear that the cybercriminals who wrote it do not speak English as a first language due to some obvious grammatical issues.