Hackers Steal Data Using Fake Coronavirus Spread Map

Cybercriminals are always quick to follow global trends, according to Xakep. In the past, attackers have exploited information about terrorist attacks and disasters for their own gain, and now they are actively taking advantage of the coronavirus pandemic. Users are lured to malicious websites and tricked into downloading malware through themed spam and even fake COVID-19 spread maps.

Reason Cybersecurity published a blog post analyzing the threats posed by a malicious program embedded in a file typically named Corona-virus-Map.com.exe, which is about 3.26 MB in size. Double-clicking the file opens a coronavirus spread map similar to the one developed by Johns Hopkins University in the United States to visualize and track coronavirus cases in real time.

The fake map contains the AZORult malware, which is designed to steal information. AZORult steals data from browsers, including cookies, browsing history, user IDs, passwords, and information related to cryptocurrencies.

According to ZDNet, government-backed hacker groups from China (Mustang Panda and Vicious Panda), North Korea (Kimsuky), and Russia (Hades, linked to APT28) have also taken notice of the pandemic. As early as February, coronavirus became a phishing lure, and now spam containing malicious documents or links supposedly related to COVID-19 is being used to attack Ukraine’s Ministry of Health, South Korean officials, and government organizations in Mongolia.