Group-IBs CERT-GIB analyzed hundreds of coronavirus-related phishing emails between February 13 and April 1, 2020. Spyware turned out to be the most common malware class hiding in fraudulent COVID-19 emails. AgentTesla (45%), NetWire (30%), and LokiBot (8%) were the most actively exploited malware families. Most of the emails detected were in English. Those behind such phishing-related campaigns target government organizations and private companies. The emails were masked as advisories, purchase orders, face masks offers, and alerts.”]
Source: https://securityaffairs.co/wordpress/101327/malware/top-malware-coronavirus-campaigns.html