Hackers are spreading misinformation including fake live maps of areas hit by Coronavirus disaster to spread Azorult malware.
There is probably no such calamity or crisis that cybercriminals would spare from exploiting for their personal gains and health disasters have become their most valuable commodities of late. Previously, we witnessed cybercriminals exploiting global events such as the Football World Cup, Christmas or disasters like missing Malaysia Plane (MH-370) to spread malware or misguide masses.
However, the Coronavirus health epidemic is the current favorite of cybercriminals. In January this year, HackRead.com’s Waqas reported how cybercriminals were using the Coronavirus disaster to spread fear and infect users’ devices with Emotet banking trojan.
Now, according to the IT security researchers at Reason Labs, hackers are exploiting the growing trend of researching and finding out more about the COVID-19 disease, aka coronavirus. They are using this curiosity to drop malware.
In a blog post, researchers explained that hackers are launching attacks through infected websites offering information on the disease. The sites are infected with Azorult malware, which is a data-stealing malware discovered in 2016.
These websites compel the user to download an application to stay updated on the latest news about the virus. Interestingly, this application is not installed but presents a map that reveals how the virus is spreading across the globe. This malicious map generates a binary file called CoronaMap.exe that gets installed on the victim’s device.
Hackers using fake live Coronavirus map to spread malware
Fake domain running fake live Coronavirus map (Image via Reason Lab)
As the internet offers a plethora of information on the rapidly spreading virus, innocent users are most likely to click on the wrong/malicious links and get their login credentials including usernames and passwords and financial information exposed or even hacked. Whatever information is stored on their browser will be stolen by hackers including cryptocurrencies.
It must be noted that there are genuine maps available that can be used to track coronavirus but the version hackers are using have fake URLs and their details also differ from the original source. Currently, the malware mainly targets Windows-based systems but Alfasi believes that a new version will soon be launched to infect different devices.