The websites that have this malware take web-based information and generate false data that makes them more deceptive.
Hackers have found a way to steal users' private information by using maps showing the coronavirus spread. A threat analysis study notes that hackers are spreading malware disguised as a coronavirus map. When analyzed, this malware was found to steal user credentials, including passwords, credit card numbers, and other browser information. It uses a known malicious program called AZORult to steal confidential user information.
The study by Reason Labs' cybersecurity researcher Shai Alfasi reports that hackers changed URLs or added different information while preserving the original website's genuine look, preventing users from noticing that something is wrong. The study notes that the graphical user interface (GUI) of the malware looks very convincing and that it gathers information from the Internet to provide correct coronavirus readings. After entering such pages, the user is prompted to download a file disguised as an app that offers the latest information about the virus spread.
This software then gathers private data that the hackers can sell on the deep web or use to access social media and manipulate bank accounts. The malware "activates a strain of malicious software known as AZORult", which was first discovered in 2016. According to the news, "Cookies, ID/passwords, bitcoin and more are used to harvest browsing history. This can also download additional malware to computers that are compromised," it adds.
Corona-virus-Map.com.exe was one of the applications examined by Alfasi. It is 3.26 MB and, as of now, can only infect Windows computers, as it is in .exe format. Shai ran 'procmon' at the same time as the malware program and found a "multi-sub process generated by 'CoronaMap.exe' which is not the root process." This .exe file generates another file called Corona.exe, which is an archive containing execution commands. Upon further investigation, Shai found that the malware stored user account login data, transferred it to 'C:\Windows\Temp' and generated a file called 'PasswordList.txt' that stores all the information.
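A triage sketch for the behaviour described above, added here as an example and not taken from the Reason Labs report: it scans a Procmon CSV export for the executable names and the 'C:\Windows\Temp\PasswordList.txt' path mentioned in the article. The sample rows, PIDs, user name and the Corona.exe drop location are constructed for illustration.

```python
import csv
import io
import ntpath  # Windows path rules, usable on any analysis host

# Indicators taken from the article text (compared case-insensitively).
SAMPLE_NAMES = {"corona-virus-map.com.exe", "coronamap.exe", "corona.exe"}
DROP_DIR = r"c:\windows\temp"
DROP_FILE = "passwordlist.txt"

# Constructed rows in Procmon's default CSV export layout (not real capture data).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","CoronaMap.exe","4120","Process Create","C:\Users\test\AppData\Local\Temp\Corona.exe","SUCCESS","PID: 4188"
"10:01:03.4","chrome.exe","2210","ReadFile","C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\History","SUCCESS",""
"10:01:05.9","Corona.exe","4188","WriteFile","C:\Windows\Temp\PasswordList.txt","SUCCESS","Length: 512"
"10:01:06.2","svchost.exe","900","WriteFile","C:\Windows\Temp\other.log","SUCCESS","Length: 64"
"10:01:07.0","notepad.exe","3300","CreateFile","C:\Users\test\Documents\PasswordList.txt","SUCCESS",""
'''


def find_hits(csv_text):
    """Return (kind, process, path) tuples for rows matching the article's indicators."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        proc = row["Process Name"].lower()
        op = row["Operation"]
        path = row["Path"]
        folder, leaf = ntpath.split(path.lower())
        # A named sample starting a process, or any process starting a named sample.
        if op == "Process Create" and (proc in SAMPLE_NAMES or leaf in SAMPLE_NAMES):
            hits.append(("child-process", row["Process Name"], path))
        # The credential dump file: match folder and file name together, so a
        # PasswordList.txt elsewhere or another file in Temp does not fire.
        elif op in ("CreateFile", "WriteFile") and folder == DROP_DIR and leaf == DROP_FILE:
            hits.append(("credential-dump", row["Process Name"], path))
    return hits


if __name__ == "__main__":
    for kind, proc, path in find_hits(SAMPLE_CSV):
        print(f"{kind:16} {proc:16} {path}")
```

To run it on a real export, read the file with `encoding="utf-8-sig"` so a byte-order mark, if present, does not corrupt the first column name.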