As the Coronavirus COVID-19 declared a pandemic by the World Health Organization, creating chaos and panic around the world. Cyber-criminals are also becoming the active actors and exploiting people’s curiosities and panic-filled responses with malicious emails and websites to infect their computers and steal sensitive data including passwords and credit card numbers.
Many organizations are taking precautionary steps and have made dashboards to keep track of COVID-19. Cyber criminals also found their way to use these dashboards and inject malware into computers.
One of the renowned security research centers, found that hackers designing websites related to coronavirus awareness in order to prompt you to download an application for keeping you updated on the situation. These applications do not need any installation to run and shows you a map of how COVID-19 is spreading while at backend it works to steal private information, credentials and info stored in your browser. However, it is a front for hackers to generate a malicious binary file and install it on your computer.
These malicious websites act as legitimate maps for tracking coronavirus but have a different URL or different details from the original source. Hackers gaining advantages of social engineering techniques to let people access these websites out of fear. These types of websites have been found to infect only Windows machines, but it is expected to be working on other Operating Systems.
It has been noted that hackers used a malicious software known as AZORult, which was first found in 2016. The researchers found that AZORult can steal info including browsing history, cookies, ID/passwords and cryptocurrency also it can download additional malware onto compromised machines. Recently its new variant installs an admin account that is kept secret on your machine to generate an attack. Hackers made the whole scenario so insidious that it almost mimics communications from expert sources namely the World Health Organization, the Centers for Disease Control and Prevention and Johns Hopkins University.
The fake map exploit reported when one of the renowned research universities, Johns Hopkins’ popular COVID-19 dashboard been replicated. It has been serving people to provide an updated information of the virus spread.
A malicious website named as “Corona-Virus-Map.com” claims to illustrate an up-to-date coronavirus tracking map just like the one at Johns Hopkins. It uses the same graphics and user interface to trick people and embed a severe trojan named as “corona.exe” a variant of AZORult. The executable has been distributed through malicious ads, email attachments and social engineering to steal information.
Phishing scams have always been pervasive cyber-attacks for hackers. In the current situation when every person wants to be updated about the spread and severity of the virus, creating an ideal environment for hackers. Phishing attacks are successful when a person gets an email which contains a virus as a lure in the subject line.
The email tries to inform about the virus and claimed to be from the World Health Organization or the Centers for Disease Control and Prevention. They also offer a chart that updates how many people have been cured or died. By clicking these links, target machine gets injected with the remote access trojans. It also downloads ransomware that will lock your computers and demand payment for the decryption key.
How to Prevent These Attacks
It is recommended that people should not click on the unknown links and use only verified dashboards to get information about the virus spread. Moreover, some useful tips to avoid these scenarios are:
- Enable Two Factor Authentication
- Verify the URL before typing it or clicking a link
- Do not enter your personal information
- Check out for spelling and grammatical errors
- If you revealed your passwords mistakenly, change it as soon as possible