Hackers using coronavirus to spread malware online
Hackers use the coronavirus crisis in full swing for sending you a computer virus. We have seen a number of spam campaigns using COVID-19 as a decoy to trick people into installing a variety of malware, but mostly data thieves. The number of phishing attacks using email, social media links and transfers to instant messaging platforms showed an increase of 39% in India alone, according to the research team. Our security research companies have uncovered vile acts of hackers taking advantage of the fear of the coronavirus epidemic to spread malware via email. More people than ever work from home, often with fewer security defenses on their home networks than they would have in the office. Even in critical infrastructures and other highly sensitive environments where it would be impossible to work safely at home. And in times of stress or distraction, people are more likely to succumb to malicious scams and tricks.
Hackers are using Fake pandemic map websites to steal your sensitive data
Hackers have found a way to steal private information from users by using maps that show the spread of the coronavirus. A threat analysis report on the subject indicates that hackers are spreading malware that they disguise as a coronavirus card. This malware, once analyzed, was found to steal user credentials, including passwords, credit card numbers and other browser information. This malware has been found to use known malware called AZORult to steal sensitive information from users.
Cybersecurity researcher Shai Alfasi of Reason Labs reports that hackers were modifying URLs or adding different details while retaining the authentic look of the original website, preventing users from doing something wrong. The report says that the malware’s graphical user interface (GUI) looks very compelling and that it collects information from the web to display accurate readings for the coronavirus. Once the user visits these websites, he is prompted for a download which is disguised as an application which provides the latest information on the spread of the virus.
This app then collects private data that hackers can use to sell on the Deep Web, access social media, or operate bank accounts. According to the report, the malware “activates a strain of malware known as AZORult” which was first discovered in 2016. “It is used to steal browsing history, cookies, identifiers / words password, cryptocurrency and more. It can also download additional malware to infected machines, “he adds.
One of the applications analyzed by Alfasi was called Corona-virus-Map.com.exe. It is 3.26 MB and since it is present in .exe format, it can only infect Windows machines from now on. Shai executed “procmon” at the same time as the malicious application and found a “multi-sub process created by” CoronaMap.exe “which is not the root process”. This .exe file creates another file called Corona.exe which is an archive that contains runtime commands. Upon further investigation, Shai discovered that the malware had stolen login data from users’ browsers and moved it to “C: \ Windows \ Temp” and created a file called “PasswordList.txt” which stores all of the information.
Coronavirus phishing emails: How to protect against COVID-19 scams
COVID-19 is used in a variety of malicious campaigns, including email spam, BEC, malware, ransomware, and malicious domains. As the number of people affected continues to increase by the thousands, campaigns that use the disease as a decoy are also increasing. Trend Micro researchers regularly search for samples from malicious COVID-19 campaigns. This report also includes detections from other researchers.
“There are emails with subject lines such as” Emergency Declaration for Coronavirus “,” 1000 Coronavirus Deaths in the Last 16 Hours “and” This Medication Could Save Your Life ” , emails asking for donations on behalf of the World Health Organization (WHO) were also found. “
Coronavirus online scams: Documents and URL website scams
Meanwhile, pandemic-themed phishing and scam websites are exploding on the web; some reports estimate that thousands of new domains appear every day
These files have a malicious payload that could encrypt files, steal / exfiltrate data, and delete backdoors. These file types include “corona_health_update.pdf (assigned to disease control centers), origin-of-corona_cnn.mp4, covid19_mandatory_work_from_measures.pdf, corona_safety_alert.docx and secondary_corona_infections.pdf”.
Screenshot of a malicious file distributed via the “Coronavirus Email Virus” spam campaign detected on VirusTotal:
Coronavirus affects online shops and services
All over the Internet, online fraudsters are trying to take advantage of the coronavirus crisis to encourage worried buyers to buy products that later prove to be false or non-existent.
These scammers are known to approach frightened users on social media or sometimes directly by email. Many claim to have looked for products such as handwashing, hand sanitizer, and face masks. However, when users bought and bought these products, many found the products to be of poor and poor quality – if ever the products arrived.
Once a user installs the application available on the Corona Antivirus site, their computer will be infected with malware. The installation file, which contains the Themida commercial packer, will transform a user’s PC into a bot ready to receive commands.
After inspecting the command and control server, it was discovered a control panel for the BlackNET botnet. The full source code for the BlackNET Toolkit was published on GitHub a month ago and some of its features include deploying DDoS attacks, screenshots, stealing Firefox cookies, stealing words from saved passwords, keylogger implementation, script execution and theft of Bitcoin wallets, among others.
What should you do?
- You must first make sure to use only the verified coronavirus dashboard, since several false and unverified ones are also available online.
- Sometimes it can be difficult to tell the difference between verified cards and fake cards. Check the URL of the fake dashboards as it will be different from the original one. This may include misspellings, poor grammar, and a different font style.
- Make sure to check the developers of the dashboard and also the domain name. It is advisable to look for reliable contact information. Check the coordinates.
- Check the cards carefully as they will look and work differently from the verified or original cards.
- Be wary of requests for personal information online. Never reply to the e-mail with your personal data.
- Check the email address or link. You can inspect a link by placing your mouse button over the URL to see where it leads.
- Watch for spelling and grammatical errors. If an email contains spelling, punctuation, and grammar errors, it is likely a sign that you have received a phishing email. Delete it.
What are the national authorities doing to fight the crooks, hackers and phishers of Coronavirus?
As the whole world has been affected by Coronavirus, it is difficult to say what each country is doing to stop the spread of piracy, scams and phishing in the midst of this crisis. However, in the United States at least, the Federal Trade Commission (FTC) has stepped in to offer advice to consumers. They advise:
- Hang up on automated calls. They say scammers may try to present coronavirus treatments or work at home programs over the phone, often using pre-recorded messages.
- Ignore online offers for immunizations and home test kits. Only the FDA should administer these items. So far, no such kit has been approved.
- Check all the information. Do not act or pass on information if you cannot verify its validity.
- Look for sellers online. Make sure they are who they say they are.
- Ignore texts and emails regarding government financial support. You will know all the details of government assistance when they are communicated through an official channel.
- Do not click on suspicious links or download attachments.
- Be wary of emails claiming to be from official sources. Scammers can try to impersonate organizations such as the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO). They can also claim to be individual experts.
- Don’t be in a hurry to donate. Not until you are absolutely certain that the person or organization asking for the money is genuine and in need.
Choose the right protection
During this time, it is important to stay safe at home and online. The number of scams we have seen in the past few weeks shows that criminals will benefit from any situation, no matter how serious. We recommend that you keep your computer up to date and be extremely careful when downloading new programs. Beware of instant notifications and other messages, even if they appear to be from friends.
RAM Antivirus users were already protected even though we had never seen this malware sample before, thanks to our machine learning engine. If your aren’t using any antivirus, download from our official website for free.