The ongoing coronavirus outbreak is now disrupting business across the world, but cybercriminals apparently take no days off: they are just as active as they were before the outbreak began. They now appear to be capitalizing on people's fears about the pandemic.
Back in January, hackers started using the coronavirus threat as the theme of an email campaign that infected users with malware. Now they are expanding their operations to coronavirus outbreak maps that track the number of infections and deaths across the world.
Many organizations are feeling the pressure from these attacks, such as Johns Hopkins University, which created dashboards to keep track of the spread of the contagion. Many people rely on the dashboards to follow the latest infection numbers in their country and elsewhere across the world.
Shai Alfasi, a security researcher working at Reason Labs, found that hackers are now putting effort into making fake versions of the dashboards that aim to steal people's personal information stored in their browsers, such as names, passwords, banking details and more.
Unlike the legitimate and official coronavirus dashboards, these fake versions attempt to trick users into downloading an application that allegedly helps them stay up to date with how the situation develops. The application doesn't need to be installed to infect a computer with further malware, however. At this time the new malware appears to affect only Windows devices, but Alfasi said they expect the hackers to develop more versions that infect other operating systems.
This Week in Malware Video: A CoronaVirus Malware Alert discussing how hackers are continually leveraging the COVID-19 epidemic to spread malware, phishing emails, fake apps, fake websites, and malware-laced advertisements.
The Fake Coronavirus Maps
A blog post detailing Alfasi's findings explains that the fake coronavirus maps work by using malicious software named AZORult, an information stealer that was first spotted in 2016, to infect machines. It is used to steal cookies, browsing history, IDs and passwords, as well as cryptocurrency and more. It may also download more malware onto the machines where it operates. According to Alfasi, AZORult is commonly sold on Russian underground forums and is used to collect sensitive information from infected computers.
Identifying the fake websites is fairly easy, since they have a URL or details that don't match the legitimate coronavirus dashboards. To avoid falling victim to this new scam, users are advised to check only verified dashboards, such as Johns Hopkins or World Meters.