This article was published on March 11, 2020

Hackers are using coronavirus maps to infect your computer



As coronavirus threatens to become a global pandemic, everyone’s keeping a close eye on how it’s spreading across the world. Several organizations have made dashboards to keep track of COVID-19. But now, hackers have found a way to use these dashboards to inject malware into computers.

Shai Alfasi, a security researcher at Reason Labs, found that hackers are using these maps to steal users' information, including user names, passwords, credit card numbers, and other info stored in your browser.


Attackers design coronavirus-related websites that prompt you to download an application, supposedly to keep you updated on the situation. This application doesn’t need any installation, and shows you a map of how COVID-19 is spreading. However, it is a front for attackers to generate a malicious binary file and install it on your computer.


Just to be clear, these websites pose as genuine maps for tracking coronavirus, but have a different URL or different details from the original source.

Currently, the malware only affects Windows machines. But Alfasi expects attackers to work on a new version that might affect other systems too. 

 

Alfasi noted that this method used malicious software known as AZORult, which was first found in 2016. The software is made to steal data from your computer and infect it with other malware as well. 

The researcher noted that AZORult can steal info from your computer including passwords and cryptocurrencies:

It is used to steal browsing history, cookies, ID/passwords, cryptocurrency and more. It can also download additional malware onto infected machines. AZORult is commonly sold on Russian underground forums for the purpose of collecting sensitive data from an infected computer. 

A new variant of AZORult installs a secret admin account on your computer to perform remote attacks. 

Earlier this month, research from security firm Check Point noted that coronavirus-related domains are 50 percent more likely to install malware on your system.

While it’s important to stay informed about coronavirus, you should only use verified dashboards to keep tabs on it to avoid getting hacked.
