Cybercriminals are using the Coronavirus pandemic to distribute malware and steal user login credentials.
As the spread of the Coronavirus becomes more rampant globally, and governments double up on their efforts to combat the virus and protect their citizens, global news agencies hustle to answer the public’s demand for accurate information about new Corona-related infections, deaths, transmissions, etc.
This news and media demand for information has created an open door for hackers, who have quickly taken advantage of this “perceived need for info” by spreading malware disguised as a “Coronavirus map”.
Reason Labs’ cybersecurity researcher, Shai Alfasi, studied and examined this malware, which had weaponized coronavirus map applications in order to steal credentials such as user names, passwords, credit card numbers and other sensitive information stored in the user’s browser. Attackers can use this information for multiple purposes, such as selling it on the deep web or gaining access to bank accounts or social media.
The malware is capable of stealing information from all browsers, email clients and cryptocurrency wallets. The following information is shared with the C2 server.
Users are advised not to click on executable files and to be aware of the attachments they receive.
The new malware activates a strain of malicious software known as AZORult. AZORult is an information stealer and was first discovered in 2016. It is used to steal browsing history, cookies, ID/passwords, cryptocurrency and more. It can also download additional malware onto infected machines. AZORult is commonly sold on Russian underground forums for the purpose of collecting sensitive data from an infected computer. There is also a variant of the AZORult that creates a new, hidden administrator account on the infected machine in order to allow Remote Desktop Protocol (RDP) connections.
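The hidden-administrator behaviour described above leaves a trace defenders can hunt for: a local account that is created and then added to the Administrators group shortly afterwards. The following is an added example, not code from the article or from Reason Labs. It assumes Windows Security events have been exported as dictionaries using the log's own field names (event 4720 for account creation, 4732 for a local group membership addition, `S-1-5-32-544` for the Administrators group); the 10-minute window and all sample events are constructed, and the article does not say how the variant itself creates or hides the account.

```python
from datetime import datetime, timedelta

ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of the local Administrators group
WINDOW = timedelta(minutes=10)       # assumed correlation window, tune per environment

# Constructed sample events (not real telemetry), fields named as in the Security log.
SAMPLE_EVENTS = [
    {"TimeCreated": "2020-03-10T09:00:05", "Computer": "WS-01", "EventID": 4720,
     "TargetUserName": "helpdesk2", "TargetSid": "S-1-5-21-1-1005", "SubjectUserName": "jdoe"},
    {"TimeCreated": "2020-03-10T09:00:07", "Computer": "WS-01", "EventID": 4732,
     "MemberSid": "S-1-5-21-1-1005", "TargetSid": ADMINISTRATORS_SID, "SubjectUserName": "jdoe"},
    # New account added to Remote Desktop Users only: not an admin, so no alert from this rule.
    {"TimeCreated": "2020-03-10T10:00:00", "Computer": "WS-02", "EventID": 4720,
     "TargetUserName": "intern", "TargetSid": "S-1-5-21-2-1006", "SubjectUserName": "itadmin"},
    {"TimeCreated": "2020-03-10T10:00:30", "Computer": "WS-02", "EventID": 4732,
     "MemberSid": "S-1-5-21-2-1006", "TargetSid": "S-1-5-32-555", "SubjectUserName": "itadmin"},
    # Existing account promoted (no 4720 seen): outside the scope of this rule.
    {"TimeCreated": "2020-03-10T11:00:00", "Computer": "WS-03", "EventID": 4732,
     "MemberSid": "S-1-5-21-3-1001", "TargetSid": ADMINISTRATORS_SID, "SubjectUserName": "itadmin"},
    # Created at 08:00, promoted four hours later: outside the correlation window.
    {"TimeCreated": "2020-03-10T08:00:00", "Computer": "WS-04", "EventID": 4720,
     "TargetUserName": "temp", "TargetSid": "S-1-5-21-4-1007", "SubjectUserName": "itadmin"},
    {"TimeCreated": "2020-03-10T12:00:00", "Computer": "WS-04", "EventID": 4732,
     "MemberSid": "S-1-5-21-4-1007", "TargetSid": ADMINISTRATORS_SID, "SubjectUserName": "itadmin"},
]

def find_new_local_admins(events, window=WINDOW):
    """Return accounts created and then added to Administrators on the same host within `window`."""
    created = {}  # (host, account SID) -> (creation time, 4720 event)
    alerts = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        ts = datetime.fromisoformat(ev["TimeCreated"])
        if ev["EventID"] == 4720:  # a user account was created
            created[(ev["Computer"], ev["TargetSid"])] = (ts, ev)
        elif ev["EventID"] == 4732 and ev["TargetSid"] == ADMINISTRATORS_SID:
            made = created.get((ev["Computer"], ev["MemberSid"]))
            if made and ts - made[0] <= window:
                alerts.append({"host": ev["Computer"],
                               "account": made[1]["TargetUserName"],
                               "created_by": made[1]["SubjectUserName"],
                               "seconds_to_admin": int((ts - made[0]).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in find_new_local_admins(SAMPLE_EVENTS):
        print(alert)
```

An alert from this rule is a lead for triage rather than proof of infection, since legitimate provisioning produces the same event pair.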
As the coronavirus continues to spread and more apps and technologies are developed to monitor it, we will likely be seeing an increase in corona malware and corona malware variants well into the foreseeable future.
Image and Source: https://cybersecuritynews.com/fake-coronavirus-maps/