Hackers are infecting PCs, stealing passwords with coronavirus maps
With the worldwide outbreak of coronavirus, organizations have resorted to creating maps indicating the continually evolving situation in every country. The digital representation of the pandemic helps with easy tracking, but some notorious attackers are using this tool to spread malware capable of compromising computers and stealing confidential data like passwords, credit card numbers, and more. Here's all you need to know about it.
Maps to help with tracking coronavirus outbreak
Ever since coronavirus began spreading from the Chinese city of Wuhan, organizations like America's Johns Hopkins University have launched dashboards for tracking the spread of the disease, complete with the total and country-wise number of cases and deaths. Initially, only a few sites provided this data but given the seriousness of the issue, more dashboards, including some unreliable ones, have also cropped up lately.
These sites ask users to download 'infected' tracking application
Shai Alfasi, a security researcher at Reason Labs, says threat actors are creating malicious, albeit seemingly legit, coronavirus-related websites. The platforms prompt the viewer to download an application to track the situation of the outbreak, but that's just a front. The application shows a genuine-looking outbreak map, and then installs a malicious binary, dubbed AZORult, in the background to compromise the user's PC.
Then, the binary steals data from the PC
Once the binary infects the PC, it can steal a wide range of data from the system, ranging from cryptocurrencies to confidential IDs and passwords stored in the browser. Beyond that, it can also install additional malware and create an admin account to let hackers perform remote attacks on the PC in question. The malware first surfaced in 2016, according to The Next Web.
What Alfasi said about the binary
"It is used to steal browsing history, cookies, ID/passwords, cryptocurrency and more. It can also download additional malware onto infected machines. AZORult is commonly sold on Russian underground forums for the purpose of collecting sensitive data from an infected computer."
How to avoid an attack?
While there is no way to take down the malicious dashboards on the internet, you can surely follow some basic steps to avoid getting duped. For one, we'd recommend using only verified portals to check the situation of the outbreak, like the one from JHU. Secondly, install a reliable antivirus so that the malware can be dealt with if it infects your PC.