SCAM ALERT: COVID-19 Maps Used to Deploy Malware and Scrape Credentials

Scam linked to COVID-19 infographic map used to invade your computer and steal your data.

Recently Cybersecurity company Reason labs released a threat analysis report, detailing a new attack that takes advantage of internet users’ increased appetite for information about the novel coronavirus, COVID-19, that has now been categorised as a pandemic worldwide.

This Malware attack specifically targets those who are looking for cartographic presentations of the spread of COVID-19 on the internet, and when clicked, the webpage downloads malware in the background that can target your information and financial details and send them back to the perpetrator. To the viewer, it shows a map loaded from a legitimate online source but in the background, it compromises your computer.

New Threat with an Old Malware Component.

This latest threat, designed to steal information from unwitting victims, was first spotted by MalwareHurterTeam  last week and has now been analysed by Shai Alfasi, a cybersecurity researcher at Reason Labs.

It involves a malware identified as AZORult, an information- stealing, malicious software discovered in 2016 AZORult malware collects information stored in web browsers.  Particularly cookies, browsing histories, user ID’s. passwords and even cryptocurrency keys. With this data drawn from browsers, cybercriminals can steal credit card details, login credentials and various other sensitive information.

AZORult includes a variant that is capable of generating a hidden administrator account in infected computers, to enable connections via a Remote Desktop Protocol (RDP)

What happens when you click the file?

Double-clicking the file opens a window that shows various information about the spread of COVID-19. The centrepiece is a “map of infections” similar to the one hosted by Johns Hopkins University, a legitimate online source, to visualise and track reported coronavirus cases in real-time.

It presents a convincing picture, not many would suspect to be harmful. The information presented is not an amalgamation of random data, instead, it is actual COVID-19 information stolen from the Johns Hopkins website.

The map shared in the link below is provided by Johns Hopkins and is safe and has no malicious content whatsoever. Please use this link if looking for real-time information on the COVID-19 pandemic.
To read the full story please click here.

Here is another big story developing: While the world is struggling to cope with the COVID-19 outbreak, the Wool Exchange is Hit by a new virus, read the full story here.

Security Education: A good way to keep your staff updated about the latest security threat is by subscribing to the Think Secure Staff Education Program.

A creative 3-4 minute animated video helps portray breaches that real companies have suffered, explaining how the hackers gained access to the system and raise awareness about the potential ways in which employees can prevent such breaches.

If you have any more questions or want the security of your I.T. infrastructure reviewed, please feel free to email us at

Norman Johnston
"The most powerful motivating factor for employees is seeing tangible progress whilst performing meaningful work. Effective information Technology achieves this objective."

Norman Johnston
Think I.T. Team


The Top 5 Threats to Your IT Infrastructure

  With cyberattacks becoming more sophisticated, the security landscape is quickly changing. A recent study shows that small to medium-sized businesses globally are facing an increase in phishing attacks by 57%, compromised or stolen devices by 33%, and credential theft by 30%. New Zealand businesses in 2019 saw a 38% increase in reported cyber attacks...  more...