BlackNET RAT
Cyber crooks from all around the world are attempting to take advantage of the Coronavirus (COVID-19) pandemic that has gripped the globe. These shady individuals are trying to benefit from people’s fear by offering to provide them with various tools and services that may help them during these testing times.
Malware researchers have detected two bogus websites that claim to offer users an anti-virus application recently, which is supposed to protect them from the Coronavirus. This dodgy offer can be found on ‘antivirus-covid19.site’ and ‘corona-antivirus.com.’ It is rather bizarre that the creators of these pages offer a supposed online solution to a real-life virus, and it is not likely that many users will fall for this scam. The fake anti-malware solution is named ‘Corona Antivirus.’
As if it wasn’t bad enough having to be worried about coronavirus in the real world, many malware creators and scam artists are using it in their digital attacks. There’s been a rise in scam campaigns luring people with false information about COVID-19, with most of the scams relating to ransomware and data-stealing viruses.
With more people working from home now, there’s never been a greater need to keep your computer secure. Computer security is especially vital for those who connect to their company network. The problem with securing your computer is that not every antivirus is created equal. Some of them infect your computer instead of protecting it, such as the Coronavirus Antivirus fake antivirus.
Table of Contents
The Totally Fake Antivirus Infecting Your Computer
One of the more recent scams to appear is the website antivirus-covid19.site. The website advertises the “Corona Antivirus – World’s Best Protection” as they put it. Scammers are now attempting to trick people into downloading a computer antivirus program that they claim somehow protects users against real-life COVID-19 infections. The homepage for the website is displayed below;
The website owners attempt to explain how their antivirus works by saying:
Our scientists from Harvard University have been working on a special AI development to combat the virus using a windows app. Your PC actively protects you against the Coronaviruses (Cov) while the app is running.
Victims are Infected with BlackNET RAT
Don’t fall for the obvious scam here. There’s no way a computer program could actively protect you against coronavirus. No, what this program does is infect your computer with the BlackNET RAT malware. The malware, packed together with Themida, prepares your PC and adds it to a bot network ready to be deployed as needed;
- hxxps[://]instaboom-hello[.]site//connection[.]php?data=[removed]
- hxxps[://]instaboom-hello[.]site//getCommand[.]php?[removed]
- hxxps[://]instaboom-hello[.]site//receive[.]php?command=[removed]
Accessing the Instaboom website, as shown in the links will take you to the control panel for BlackNET.
What Can BlackNET RAT Do?
Researchers have spent time and effort researching BlackNET RAT and have compiled the source code. Here’s what the RAT can do to your computer;
- Deploy DDOS attacks
- Take screenshots
- Steal cookies from browsers
- Steal saved passwords from browsers
- Implement a keylogger
- Execute scripts
- Find and steal Bitcoin wallets
Countless cyber crooks are using the Coronavirus pandemic to distribute malware or run online tactics, so users need to be very wary when browsing the Web. Do not forget to protect your system and your data with the help of a legitimate anti-malware solution.
