Malware From Fake COVID-19 Website

March 10, 2020 David Finn

The Health Sector Cybersecurity Coordination Center (HC3) has published a new alert. Please distribute through your proper channels, as appropriate.

A malicious website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet waiting for unwitting internet users to visit the website (corona-virus-map[dot]com). Visiting the website infects the user with the AZORult trojan, an information stealing program which can exfiltrate a variety of sensitive data. It is likely being spread via infected email attachments, malicious online advertisements, and social engineering. Furthermore, anyone searching the internet for a coronavirus map could unwittingly navigate to this malicious website.

Threat Details

A sample of the malware being deployed by “corona-virus-map[dot]com” was submitted, analyzed, and received an extremely malicious threat score of 100/100 with antivirus detection at 76%. This sample was labeled by Hybrid-Analysis as a Trojan.

Recommendations

End-users should be warned about this cybersecurity risk and security teams should blacklist any indicators associated with this specific threat. Indicators of compromise and analysis may be found here: https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/

Please contact COVID-19@cynergistek.com if you have any questions or concerns on how this could affect you.

 
Previous Article
OCR Allows Use of Videoconferencing During Coronavirus Emergency
OCR Allows Use of Videoconferencing During Coronavirus Emergency

Healthcare providers may provide treatment services to patients using a variety of non-public facing telehe...

Next Article
NRC Health recovering from ransomware attack
NRC Health recovering from ransomware attack

×

Subscribe to Our Monthly Cyber Bulletins with the Latest News, Tips and More!

First Name
Last Name
Company
State
Thank You!
Error - something went wrong!