Hackers have discovered a way to use maps depicting the spread of the coronavirus to lure users into a trap that lets the attackers access private information and even take over electronic devices. A threat analysis study reports that hackers are distributing malware under the guise of a coronavirus map. Further investigation found that this malware steals user credentials, including passwords, credit card numbers, and other browser-related information. It uses a known, notorious piece of malware called AZORult to exfiltrate sensitive user data.
How Hackers Use Coronavirus Maps to Steal User Data
Hackers use bogus coronavirus maps to infect user systems. They’ve disguised the malware as virus-spread maps. The malware scrapes private data such as passwords and credit card information. It employs a malware program called AZORult. The program has a history of stealing proprietary information.
Malware operators use a clever trick to hide malicious websites, as shown in a study compiled by Shai Alfasi, a cyber-security researcher at Reason Labs. They disguise their URLs so that they look like those of real websites. The graphical interface for the malware is fairly convincing. Users think they are seeing accurate information about the virus. Once the page is accessed, users are prompted to download a bogus app.
This app harvests your private data, which is then sold or used for social media or bank account manipulation. Among the stolen data: cookies, IDs, passwords and bitcoin. It records browsing history as well. The malware is also capable of “fetching” additional malicious programs onto infected systems.
How the Malware Operates and Propagates
One of the malware apps, Corona-virus-Map.com.exe, was also analyzed by Shai Alfasi. This 3.26 MB file runs only on Windows PCs. The file is in .exe format. It spawns various processes when executed. One of the archives generated is called Corona.exe, which holds instructions to execute. It logs the user login information in a file named PasswordList.txt.
Alfasi noted that the malware writes this information to C:\Windows\Temp. It then sends the information to the hackers. Hackers are using personal information shared online against us.
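A defender-side check built from the file names and folder reported above, given here as an added example rather than code from Reason Labs or this article: it scans endpoint events for those indicators and groups the matches by host. The event field names, host names and sample records are constructed assumptions, and the double-extension heuristic goes beyond the single file name the article reports.

```python
import ntpath
import re

# Indicators reported in the article; every other value here is constructed.
DROPPER_NAME = "corona-virus-map.com.exe"
DROPPED_NAME = "corona.exe"
LOOT_NAME = "passwordlist.txt"
LOOT_DIR = r"c:\windows\temp"

# Heuristic beyond the article: a harmless-looking extension followed by an
# executable one, e.g. "invoice.pdf.exe" or "site.com.exe".
DOUBLE_EXT = re.compile(r"\.(com|pdf|docx?|xlsx?|jpg|png|txt)\.(exe|scr)$", re.I)


def classify(event):
    """Return the reasons a single event matches the reported behaviour."""
    name = ntpath.basename(event["path"]).lower()
    folder = ntpath.normpath(ntpath.dirname(event["path"])).lower()
    reasons = []
    if name == DROPPER_NAME:
        reasons.append("dropper-name")
    elif DOUBLE_EXT.search(name):
        reasons.append("double-extension")
    if name == DROPPED_NAME:
        reasons.append("dropped-binary-name")
    # The credential file only counts when it is created in the reported folder.
    if event["type"] == "file_create" and name == LOOT_NAME and folder == LOOT_DIR:
        reasons.append("credential-dump-file")
    return reasons


def scan(events):
    """Group matched reasons by host so related signals can be triaged together."""
    hits = {}
    for ev in events:
        for reason in classify(ev):
            hits.setdefault(ev["host"], set()).add(reason)
    return hits


SAMPLE_EVENTS = [  # constructed telemetry, not real logs
    {"host": "ws-01", "type": "process_create", "path": r"C:\Users\a\Downloads\Corona-virus-Map.com.exe"},
    {"host": "ws-01", "type": "process_create", "path": r"C:\Users\a\AppData\Local\Temp\Corona.exe"},
    {"host": "ws-01", "type": "file_create", "path": r"C:\Windows\Temp\PasswordList.txt"},
    {"host": "ws-02", "type": "file_create", "path": r"C:\Users\b\Documents\PasswordList.txt"},
    {"host": "ws-03", "type": "process_create", "path": r"C:\Users\c\Downloads\invoice.pdf.exe"},
]

if __name__ == "__main__":
    for host, reasons in sorted(scan(SAMPLE_EVENTS).items()):
        print(host, sorted(reasons))
```

A host that shows the credential file together with one of the executable names is a much stronger signal than any single match; a lone double-extension hit is a lead for review, not a verdict.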