In light of the current COVID-19 outbreak, the general public would want to stay up to date with the latest developments. During the health emergency, there are cybercriminals that are taking advantage of the situation by spreading malware through “Coronavirus” applications.
A PC application ( Corona-virus-Map.com.exe ) disguised as a Coronavirus map has been found to be spreading malware. According to cybersecurity researcher, Shai Alfasi, the malware had weaponised the application to steal personal details such as usernames, passwords, credit card info and other information that is stored in users’ browsers.
The Malware responsible is identified as AZORult which was first spotted in 2016. When a machine is infected, it is used to steal browsing history, cookies, passwords, cryptocurrency keys and more. In addition, it is also capable of downloading additional malware on the infected machine. AZORult is reported to be commonly sold in Russian underground forums and there’s a variant which quietly creates an admin account which would provide perpetrators remote desktop access to the infected machine.
For unsuspecting victims, the app looks harmless as it appears to be identical to Johns Hopkins University’s Coronavirus map. When the 3.26MB file is executed, it will create duplicates of Corona-virus-Map.com.exe, Corona.exe, Bin.exe, Build.exe and Windows.Globalization.Fontgroups.exe files.
According to Alfasi, there are APIs that facilitate the decryption of saved passwords from infected web browsers and then it moves it to a temporary folder. The malware will also try to steal login data from online accounts which include Telegram and Steam. The stealing of data happens automatically and all it takes is for a user to execute the malware. The security expert recommends using anti-virus software to fix infected machines and to block potential malware attacks.
If you want to stay up-to-date with the latest COVID-19 situation, you can follow the Ministry of Health Malaysia on Twitter and Facebook. Do not attempt to download and run any strange files that you receive from unknown sources.
[ SOURCE ]
Malaysia Airlines has temporarily grounded its brand new Airbus A330neo after completing four commercial flights.…
Pro-Net recently revealed that you only need to service the new Proton e.MAS 7 EV…
The Proton e.MAS 7 is one of the most value for money SUVs at the…
Samsung has announced that it will be holding its press conference titled "AI for All:…
Modern smartphones are very capable computing devices, thanks to powerful hardware trickling down the price…
If you're a CelcomDigi Postpaid 5G customer and can't get fibre broadband for your home,…
This website uses cookies.