SCAM ALERT: COVID-19 Maps Used to Deploy Malware and Scrape Credentials

Scam linked to COVID-19 infographic map used to invade your computer and steal your data.

Recently, cybersecurity company Reason Labs released a threat analysis report detailing a new attack that takes advantage of internet users’ increased appetite for information about the novel coronavirus, COVID-19, which has now been categorised as a pandemic worldwide.

This malware attack specifically targets those looking for cartographic presentations of the spread of COVID-19 on the internet. When clicked, the webpage downloads malware in the background that can target your information and financial details and send them back to the perpetrator. To the viewer, it shows a map loaded from a legitimate online source, but in the background it compromises your computer.

New Threat with an Old Malware Component.

This latest threat, designed to steal information from unwitting victims, was first spotted by MalwareHunterTeam last week and has now been analysed by Shai Alfasi, a cybersecurity researcher at Reason Labs.

It involves malware identified as AZORult, information-stealing malicious software discovered in 2016. AZORult collects information stored in web browsers, particularly cookies, browsing histories, user IDs, passwords and even cryptocurrency keys. With this data drawn from browsers, cybercriminals can steal credit card details, login credentials and various other sensitive information.

AZORult includes a variant that is capable of generating a hidden administrator account on infected computers to enable connections via the Remote Desktop Protocol (RDP).

What happens when you click the file?

Double-clicking the file opens a window that shows various information about the spread of COVID-19. The centrepiece is a “map of infections” similar to the one hosted by Johns Hopkins University, a legitimate online source, to visualise and track reported coronavirus cases in real-time.

It presents a convincing picture that not many would suspect to be harmful. The information presented is not an amalgamation of random data; instead, it is actual COVID-19 information stolen from the Johns Hopkins website.

The map shared in the link below is provided by Johns Hopkins and is safe and has no malicious content whatsoever. Please use this link if looking for real-time information on the COVID-19 pandemic.

Security Education: A good way to keep your staff updated about the latest security threat is by subscribing to the Think Secure Staff Education Program.

A creative 3-4 minute animated video portrays breaches that real companies have suffered, explaining how the hackers gained access to the system and raising awareness of the ways in which employees can prevent such breaches.

If you have any more questions or want the security of your I.T. infrastructure reviewed, please feel free to email us at

Kris Campbell
Think I.T. Team
