SCAM ALERT: COVID-19 Maps Used to Deploy Malware and Scrape Credentials

Scam linked to COVID-19 infographic map used to invade your computer and steal your data.

Recently Cybersecurity company Reason labs released a threat analysis report, detailing a new attack that takes advantage of internet users’ increased appetite for information about the novel coronavirus, COVID-19, that has now been categorised as a pandemic worldwide.

This Malware attack specifically targets those who are looking for cartographic presentations of the spread of COVID-19 on the internet, and when clicked, the webpage downloads malware in the background that can target your information and financial details and send them back to the perpetrator. To the viewer, it shows a map loaded from a legitimate online source but in the background, it compromises your computer.

New Threat with an Old Malware Component.

This latest threat, designed to steal information from unwitting victims, was first spotted by MalwareHurterTeam  last week and has now been analysed by Shai Alfasi, a cybersecurity researcher at Reason Labs.

It involves a malware identified as AZORult, an information- stealing, malicious software discovered in 2016 AZORult malware collects information stored in web browsers.  Particularly cookies, browsing histories, user ID’s. passwords and even cryptocurrency keys. With this data drawn from browsers, cybercriminals can steal credit card details, login credentials and various other sensitive information.

AZORult includes a variant that is capable of generating a hidden administrator account in infected computers, to enable connections via a Remote Desktop Protocol (RDP)

What happens when you click the file?

Double-clicking the file opens a window that shows various information about the spread of COVID-19. The centrepiece is a “map of infections” similar to the one hosted by Johns Hopkins University, a legitimate online source, to visualise and track reported coronavirus cases in real-time.

It presents a convincing picture, not many would suspect to be harmful. The information presented is not an amalgamation of random data, instead, it is actual COVID-19 information stolen from the Johns Hopkins website.

The map shared in the link below is provided by Johns Hopkins and is safe and has no malicious content whatsoever. Please use this link if looking for real-time information on the COVID-19 pandemic.
To read the full story please click here.

Here is another big story developing: While the world is struggling to cope with the COVID-19 outbreak, the Wool Exchange is Hit by a new virus, read the full story here.

Security Education: A good way to keep your staff updated about the latest security threat is by subscribing to the Think Secure Staff Education Program.

A creative 3-4 minute animated video helps portray breaches that real companies have suffered, explaining how the hackers gained access to the system and raise awareness about the potential ways in which employees can prevent such breaches.

If you have any more questions or want the security of your I.T. infrastructure reviewed, please feel free to email us at

Kris Campbell
"When trouble arises, it's imperative to be back on the keys as quickly as possible. 90% of calls to the Helpdesk are resolved within 10 minutes."

Kris Campbell
Think I.T. Team


4 Action Steps to Prepare your Business for the upcoming Privacy Act Changes

With NZ privacy laws changing and the revised Privacy Act coming into play on the 1st December 2020, make sure your business is prepared. To ensure you have the knowledge to stay on top of this, we have put together four action steps you can take now, to prepare for these changes.   1. Client Information and Data Storage   It is...  more...