In light of the current COVID-19 outbreak, the general public would want to stay up to date with the latest developments. During the health emergency, there are cybercriminals that are taking advantage of the situation by spreading malware through “Coronavirus” applications.
A PC application ( Corona-virus-Map.com.exe ) disguised as a Coronavirus map has been found to be spreading malware. According to cybersecurity researcher, Shai Alfasi, the malware had weaponised the application to steal personal details such as usernames, passwords, credit card info and other information that is stored in users’ browsers.
The Malware responsible is identified as AZORult which was first spotted in 2016. When a machine is infected, it is used to steal browsing history, cookies, passwords, cryptocurrency keys and more. In addition, it is also capable of downloading additional malware on the infected machine. AZORult is reported to be commonly sold in Russian underground forums and there’s a variant which quietly creates an admin account which would provide perpetrators remote desktop access to the infected machine.
For unsuspecting victims, the app looks harmless as it appears to be identical to Johns Hopkins University’s Coronavirus map. When the 3.26MB file is executed, it will create duplicates of Corona-virus-Map.com.exe, Corona.exe, Bin.exe, Build.exe and Windows.Globalization.Fontgroups.exe files.
According to Alfasi, there are APIs that facilitate the decryption of saved passwords from infected web browsers and then it moves it to a temporary folder. The malware will also try to steal login data from online accounts which include Telegram and Steam. The stealing of data happens automatically and all it takes is for a user to execute the malware. The security expert recommends using anti-virus software to fix infected machines and to block potential malware attacks.
If you want to stay up-to-date with the latest COVID-19 situation, you can follow the Ministry of Health Malaysia on Twitter and Facebook. Do not attempt to download and run any strange files that you receive from unknown sources.
[ SOURCE ]