With so many of us searching for the latest Covid-19 information, it hasn’t taken long for hackers to take advantage.
First of all, a basic hygiene reminder: don’t download anything or click any links from unknown sources. This includes maps, guides, and applications related to the coronavirus.
Here’s a closer look at some of the specific threats that have emerged in the last week or so …
Fake maps and dashboards
Several legitimate organizations (for example, Johns Hopkins University) have created dashboards with interactive maps to illustrate the spread of the infection.
As reported on TechRadar, Shai Alfasi, a security researcher at Reason Labs, discovered that hackers have created fake versions of these maps and dashboards to steal user information.
These bogus sites ask users to download an app to stay updated. This download activates a strain of malware known as AZORult, which is used to steal users' browsing history, cookies, passwords, etc. It can also be used as a gateway to download additional malware onto users' machines.
DomainTools' security research team has discovered at least one example of a bogus coronavirus-related application.
The Android application in question was discovered on a newly created domain (coronavirusapp[.]site). The site asks users to download an Android app to gain access to a coronavirus tracker, statistical information, and heatmap visuals.
The app actually contains a never-before-seen ransomware called CovidLock. On download, the screen of the device is locked and the user receives a demand for $100 in bitcoin to avoid content deletion.
From January to about 12 days ago, over 4,000 new coronavirus-themed domains were registered.
According to TNW, 3% of these new domains were marked as malicious and another 5% as suspicious. This is 50% higher than the usual rates for recently registered domains.
Many of the recently registered coronavirus-related domains are believed to have been created as vehicles for phishing attempts.
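An added example, not from the original article or the researchers it cites: a triage pass over proxy log lines that flags requests to coronavirus-themed domains that were registered recently or have no known registration date. The keyword list, the 90-day threshold, the log format and every `.example` name and date are constructed assumptions.

```python
import re
from datetime import date
from urllib.parse import urlsplit

THEME = re.compile(r"corona|covid")   # keywords are an assumption; tune to your telemetry
LEET = str.maketrans("01", "oi")      # undo common digit-for-letter swaps (c0vid, cor0na)

def refang(value):
    """Turn a defanged indicator (hxxp, [.]) back into a parseable form."""
    v = value.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    return v.replace(" ", "")

def hostname(value):
    """Accept a bare host or a URL and return only the host part."""
    v = refang(value)
    return (urlsplit(v if "//" in v else "//" + v).hostname or "").rstrip(".")

def registrable(host):
    """Naive last-two-labels rule (assumption); use a public-suffix list in production."""
    return ".".join(host.split(".")[-2:])

def triage(log_lines, registered, today, max_age_days=90):
    """Return (client, host, age_days) for themed requests to young or unknown domains."""
    hits = []
    for line in log_lines:
        _ts, client, query = line.split()
        host = hostname(query)
        if not THEME.search(host.translate(LEET)):
            continue                          # not coronavirus-themed
        created = registered.get(registrable(host))
        age = (today - created).days if created else None
        if age is None or age <= max_age_days:
            hits.append((client, host, age))  # queue for analyst review, not auto-block
    return hits

# Constructed sample data: proxy log lines and registration dates for .example names.
LOGS = [
    "2020-03-20T09:14:02Z 10.0.0.12 corona-map.example",
    "2020-03-20T09:15:40Z 10.0.0.31 hxxp://c0vid-stats[.]example/tracker.apk",
    "2020-03-20T09:16:11Z 10.0.0.12 www.coronado-hotel.example",
    "2020-03-20T09:17:05Z 10.0.0.44 intranet.example",
]
REGISTERED = {"corona-map.example": date(2020, 3, 10),
              "coronado-hotel.example": date(2011, 5, 2)}
TODAY = date(2020, 3, 20)

if __name__ == "__main__":
    for hit in triage(LOGS, REGISTERED, TODAY):
        print(hit)
```

Because most themed registrations are not flagged as malicious or suspicious, the output is best treated as a review queue; the long-registered `coronado-hotel.example` shows how the age check filters out keyword false positives.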
A notable recent attempt hit nearly 10% of organizations in Italy. It tried to trick users into opening an information pack from the World Health Organization. In fact, the link delivered a banking Trojan, designed to steal the recipient's credentials.
Other phishing attempts are directed specifically at remote workers. In an example highlighted by Mimecast, hackers scammed recipients with fake messages, directing them to a fake OneDrive login and inviting them to upload “company policies”.
At the time of the initial report, Mimecast had seen over 300 instances of this campaign.
In recent weeks, there have been reports of government-backed groups from China, North Korea and Russia capitalizing on the outbreak.
A QiAnXin researcher highlighted a campaign by the Russian group, Hades, targeting organizations in Ukraine. This involved the transmission of a backdoor Trojan, disguised in emails purporting to be from the Ukrainian Center for Public Health.
The message is clear: Be aware of all incoming communications and unknown sources.
Have you found any malicious activity? Let us know below …