Coronavirus has become the center of attention worldwide, and the COVID-19 pandemic has caused panic around the world. Countries are taking measures to protect people from the deadly coronavirus: cases are rigorously checked and reported, and awareness is being raised everywhere. While the world is being made aware, others are taking advantage of the situation. These are hackers who use the COVID-19 outbreak to steal information, which they then sell to earn money.
Coronavirus Maps Malware
People are scared and are searching the internet for information related to COVID-19. Hackers have developed, and are still developing, an info-stealer map that shows the number of COVID-19 cases while secretly stealing the user's information from their browser. There is a legitimate online source for visualizing and tracking reported coronavirus cases: the map hosted by Johns Hopkins University. The hackers have developed a map of infections that looks similar to the original coronavirus map. The info-stealer app gains access to the information stored in the victim's browser.
The cybersecurity researcher Shai Alfasi at Reason Labs analyzed the sample: malware that displays information about the number of coronavirus cases while secretly stealing the victim's information. A similar map threat has appeared in the past. The malware's information-stealing technique is similar to that of the AZORult malware family.
AZORult collected information stored in users' web browsers, including cookies, user IDs, passwords, browsing histories, and cryptocurrency keys.
With the rise of cyber threats, new technologies and apps are being developed to monitor the activities of cybercriminals. The analysed sample is the file Corona-virus-Map.com.exe (Win32 EXE). The malware's graphical user interface is designed to look very convincing, but what the malware actually does is steal the user's information from their browser. The hackers are taking advantage of the current SARS-CoV-2 situation to exploit their targets, infecting them with malware and stealing their sensitive information.
State-sponsored hackers using COVID-19 outbreak
Ordinary hackers aren't the only ones exploiting victims; there are also state-sponsored hackers. Cyberspies of the governments of North Korea, Russia, and China are also taking advantage of the situation, using COVID-19-themed emails to infect victims. The malware is delivered by these state-sponsored spies, who use it to gain access to the user's infrastructure.
MalwareHunterTeam has detected fake emails being used for phishing that take advantage of the current situation. The subject of the fake email is "Coronavirus Updates", and it comes from a fake sender using the name of the World Health Organization. The email contains a zip attachment, which holds an exe file named MyHealth. When the attachment is installed, the malware downloader bundled with it is installed as well. This downloader then installs the info stealer.
The info stealer installed by the malware downloader has several capabilities: it can capture screenshots of the victim's desktop, clear the browser's cookies, download and execute files, and monitor the clipboard.
Hackers are also registering malicious coronavirus (COVID-19) related domains to spread malicious activity, and are selling malware at discounts on the dark web. According to Check Point Threat Intelligence, there has been a spike since January in the number of registered coronavirus-related domains (4000+).
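The delivery path described above, a zip attachment carrying an executable, can be checked at a mail gateway before the message reaches a user. The following is an added example, not code from the researchers or vendors named in this article; the extension blocklist, the function names and the sample archive (including the `.exe` suffix on MyHealth) are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs directly (an assumed blocklist, not from the article).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
PE_STUB = b"MZ" + b"\x00" * 62  # constructed 64-byte stand-in, not real malware


def build_sample_zip() -> bytes:
    """Constructed attachment modelled on the lure described in the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("MyHealth.exe", PE_STUB)      # executable by name and content
        zf.writestr("report.pdf", PE_STUB)        # executable hidden behind .pdf
        zf.writestr("readme.txt", b"Coronavirus Updates")
    return buf.getvalue()


def inspect_zip_attachment(data: bytes) -> list:
    """Return (member name, [reasons]) for every suspicious archive member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            if os.path.splitext(info.filename)[1].lower() in EXEC_EXTS:
                reasons.append("executable extension")
            if info.flag_bits & 0x1:
                # Encrypted members cannot be inspected; treat as suspicious.
                reasons.append("encrypted member")
            else:
                with zf.open(info) as member:
                    if member.read(2) == b"MZ":  # DOS/PE header magic
                        reasons.append("PE header")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in inspect_zip_attachment(build_sample_zip()):
        print(f"BLOCK {name}: {', '.join(reasons)}")
```

Checking the file header as well as the extension catches an executable that has been renamed to look like a document.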
Be aware and stay safe
In a crisis like this, people become vulnerable to hackers and their techniques. Companies are allowing their employees to work from home (WFH) to stop the spread of COVID-19. Companies and individuals become targets because they are in a panic, and hackers know how to exploit people's vulnerability by taking advantage of the COVID-19 outbreak. This is why it is important to take measures to protect yourself online, and for companies to use secure VPN servers to protect against hackers.
Hackers are using malware to target people and spread malicious infections to steal data during the COVID-19 outbreak. The malware is installed on the victim's desktop by the malware downloader and steals the victim's information. The information stored in the browser is accessed and stolen by the malware. Researchers are using various techniques to find the malware that is infecting victims' devices. Users should be careful not to become victims of hackers.