Malware From Fake COVID-19 Website

March 10, 2020 David Finn

The Health Sector Cybersecurity Coordination Center (HC3) has published a new alert. Please distribute through your proper channels, as appropriate.

A malicious website (corona-virus-map[dot]com) posing as the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet. Visiting the website infects the user with the AZORult trojan, an information-stealing program that can exfiltrate a variety of sensitive data. It is likely being spread via infected email attachments, malicious online advertisements, and social engineering. Furthermore, anyone searching the internet for a coronavirus map could unwittingly navigate to this malicious website.

Threat Details

A sample of the malware being deployed by “corona-virus-map[dot]com” was submitted and analyzed. It received a threat score of 100/100 (extremely malicious), with antivirus detection at 76%. Hybrid-Analysis labeled the sample as a Trojan.

Recommendations

End-users should be warned about this cybersecurity risk and security teams should blacklist any indicators associated with this specific threat. Indicators of compromise and analysis may be found here: https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
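
One way to check existing proxy or DNS logs for the domain named in this alert, as an added example that is not part of the HC3 alert. The log layout (`<timestamp> <client> <url-or-host>`), the function names, and every sample line are constructed assumptions; the sample lines are built from the defanged indicator so no live link appears in the file.

```python
import re
from urllib.parse import urlsplit

# Indicator exactly as the alert prints it (defanged).
DEFANGED_IOC = "corona-virus-map[dot]com"

def refang(indicator: str) -> str:
    """Turn a defanged domain such as a[dot]b or a[.]b into a hostname."""
    s = indicator.strip().lower()
    return re.sub(r"\[(?:dot|\.)\]|\(dot\)", ".", s).rstrip(".")

def host_of(value: str) -> str:
    """Extract the hostname from a URL or a bare host[:port] log field."""
    value = value.strip().lower()
    if "://" not in value:
        value = "//" + value  # lets urlsplit parse bare host:port
    try:
        return (urlsplit(value).hostname or "").rstrip(".")
    except ValueError:
        return ""  # malformed field, nothing to match

def matches(host: str, blocked: str) -> bool:
    """True for the blocked domain or a subdomain, never for lookalikes."""
    return host == blocked or host.endswith("." + blocked)

def hunt(log_lines, indicator=DEFANGED_IOC):
    """Return (client, host) for each log line that touched the indicator."""
    blocked = refang(indicator)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip short or empty lines
        host = host_of(fields[2])
        if matches(host, blocked):
            hits.append((fields[1], host))
    return hits

_D = refang(DEFANGED_IOC)
# Constructed sample log lines (assumed format, not real traffic).
SAMPLE_LOG = [
    f"2020-03-10T09:01:02Z 10.0.0.5 http://{_D}/",
    f"2020-03-10T09:01:07Z 10.0.0.9 WWW.{_D.upper()}:443",
    f"2020-03-10T09:02:11Z 10.0.0.7 https://{_D}.example.org/map",
    f"2020-03-10T09:03:30Z 10.0.0.8 http://not{_D}/",
    "2020-03-10T09:04:00Z 10.0.0.6 https://coronavirus.jhu.edu/map.html",
]

if __name__ == "__main__":
    for client, host in hunt(SAMPLE_LOG):
        print(f"client {client} contacted blocked host {host}")
```

Matching on the parsed hostname rather than a substring keeps unrelated hosts that merely contain the string from being flagged, while still catching subdomains of the blocked domain.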

Please contact COVID-19@cynergistek.com if you have any questions or concerns on how this could affect you.

 