As the coronavirus outbreak continues to raise eyebrows around the world, the WHO has declared it a global pandemic. Many people are now using various tools at their disposal like coronavirus maps, made by several organizations, to keep tabs on the spreading infection.
As a result, these websites amass tons of traffic daily, and that is a call of action to hackers. This demand is proving to be beneficial to threat actors in various ways.
A recent report suggests that hackers have figured a way to infect these dashboards to inject computer malware. Specifically, the malicious actors have designed their websites posing to provide coronavirus updates.
Once a user visits these dubious websites, they are prompted to download an application to be updated on the situation frequently. The app works as advertised but doesn’t require any installation. By simply downloading it, your computer will then be infected by a malicious binary file.
“Hackers are now spreading malware disguised as a ‘Coronavirus map’, says Reason Labs’ cybersecurity researcher, Shai Alfasi.
Once a computer is infected, the malware can mine personal user data. These includes user names, passwords, credit card numbers and other sensitive information stored in the browser. Currently, only Windows computers can be infected.
The software used in these attacks is AZORult, which, according to Alfasi, is “used to steal browsing history, cookies, ID/passwords, cryptocurrency and more.”
The software traces its way back to 2016 and is a common tool traded on the Russian underground forums.
The current report is an addition to what CounterPoint Research warned earlier this month. The research firm cautioned that coronavirus-related domains are 50% more likely to infect you with malware.