Hackers are using fake coronavirus maps to spread malware

The FINANCIAL -- Several fake coronavirus tracker maps that infect people's computers with malware have been identified. The tactic starts with hackers circulating links to malicious websites disguised as COVID-19 maps. When there is a crisis, people are hungry for information.

As people seek out information about the spread of COVID-19, hackers are circulating fake dashboards that purport to show maps tracking the spread of coronavirus but that actually infect people's computers with malware when opened. The tactic starts with hackers circulating links to malicious websites disguised as COVID-19 maps, either on social media or through misleading emails. When people open the sites, they're directed to open an applet that can infect their device with AZORult, a years-old malware that steals data like login credentials and banking info. It's one of many ways that hackers are capitalizing on fears surrounding the outbreak, Business Insider reported.

Back in January, hackers used the coronavirus to launch email campaigns that infected users with malware, and now they've begun to use coronavirus maps to do so as well. Many organizations, including Johns Hopkins University, have created dashboards to keep track of the spread of the coronavirus, and many people rely on these dashboards to stay up to date with the latest infection numbers. Unlike legitimate coronavirus dashboards, these fake websites prompt users to download an application to help them stay updated on the situation. This application doesn't even need to be installed to infect a user's computer with malware. As of now, the malware only affects Windows devices but Alfasi expects that hackers will find a way to develop a new version that can infect other operating systems as well, TechRadar wrote.

Among the most sophisticated efforts has been a campaign by a group of Chinese hackers, dubbed Vicious Panda by cybersecurity researchers at Check Point, an Israeli-based technology company. In its report Thursday, Check Point called Vicious Panda an “advanced persistent threat,” a designation reserved for the most technically adept and well-organized attackers, often having government backing. Vicious Panda used a fake document, purportedly disclosing coronavirus infection information from the Mongolian Health Ministry, to lure Internet users into sharing sensitive personal information, with the goal of gaining access to computers and smartphones, according to the Check Point report. Check Point reported it had found 4,000 new website domains related to the coronavirus, with 3 percent containing malicious software, according to The Washington Post.

The FBI is tracking so-called phishing campaigns that seek to use people's interest in the coronavirus to get them to click on links that encourage them to reveal sensitive login information, a top FBI official said. "One of the things that's most concerning to us are phishing scams with a coronavirus theme," said Herb Stapleton, a section chief in the FBI's cyber criminal section. "This is a vector or an approach that we didn't see three months ago and now is suddenly successful." Cybercriminals "recognize that when there is a crisis, people are hungry for information — they are looking for whatever is new," said Shawn Henry, who once headed the FBI's cyber division, NBC wrote.

The World Health Organization (WHO), Federal Trade Commission (FTC), Securities and Exchange Commission (SEC) and the Better Business Bureau have all issued warnings in recent weeks about the uptick in criminal scams tied to the coronavirus. These messages can be highly convincing because criminals frequently use professional “phishing kits” that perfectly match the logos and email formats of legitimate organizations. Hackers will also use tactics like “combosquatting” and “typosquatting” to create fake URLs that are easy to fall for. The authenticity of text messages and caller ID are also difficult to verify. Criminals will frequently combine these methods into a single attack, so that a person will get both a phone call and an email, or an email and a text message, etc., which makes it more likely they will fall for it, Yahoo Finance reported.

Also, IBM X-Force has identified a spam campaign targeting users in Japan that employs the coronavirus scare as a lure to encourage people to open malicious emails. The messages contain Microsoft Office files loaded with macros that, when enabled, launch an infection routine that delivers the Emotet Trojan. Japan is also becoming a more lucrative target for all cybercrime groups ahead of the 2020 Olympic Games, which are scheduled to take place in the country’s capital in the summer of 2020, Security Intelligence wrote.

Author: The FINANCIAL

