Malware From Fake COVID-19 Website

March 10, 2020 David Finn

The Health Sector Cybersecurity Coordination Center (HC3) has published a new alert. Please distribute through your proper channels, as appropriate.

A malicious website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet waiting for unwitting internet users to visit the website (corona-virus-map[dot]com). Visiting the website infects the user with the AZORult trojan, an information stealing program which can exfiltrate a variety of sensitive data. It is likely being spread via infected email attachments, malicious online advertisements, and social engineering. Furthermore, anyone searching the internet for a coronavirus map could unwittingly navigate to this malicious website.

Threat Details

A sample of the malware being deployed by “corona-virus-map[dot]com” was submitted, analyzed, and received an extremely malicious threat score of 100/100 with antivirus detection at 76%. This sample was labeled by Hybrid-Analysis as a Trojan.


End-users should be warned about this cybersecurity risk and security teams should blacklist any indicators associated with this specific threat. Indicators of compromise and analysis may be found here:

Please contact if you have any questions or concerns on how this could affect you.

Previous Article
OCR Allows Use of Videoconferencing During Coronavirus Emergency
OCR Allows Use of Videoconferencing During Coronavirus Emergency

Healthcare providers may provide treatment services to patients using a variety of non-public facing telehe...

Next Article
HSCC Recommendations In Response To COVID-19
HSCC Recommendations In Response To COVID-19

The Healthcare and Public Health Sector Coordinating Council (HSCC) today released recommendations for heal...


Subscribe to Our Monthly Cyber Bulletins with the Latest News, Tips and More!

First Name
Last Name
Thank You!
Error - something went wrong!