Hackers are Using Coronavirus Maps to Spread Malware

Hackers have been using the fear of the coronavirus to spread an infection of their own in the form of malware that has been discovered within coronavirus tracking maps. [TechRadar] This marks yet another way that bad actors have taken advantage of the fears of the current virus outbreak, which is already disrupting businesses around the world on its own. As usual, cybercriminals are using any confusion, fear, resulting in chaos to capitalize on people’s fears. This is not even the first time something like this was done — back in January of this year, hackers launched a coronavirus-based email campaign to infect people with malware. Now, they have expanded their reach and are using online maps for the same purpose. Coronavirus maps have been created by numerous organizations to keep track of the virus and its spreading, with many people relying on them to track the newest infection numbers. Shai Alfasi, from Reason Labs, recently reported that hackers are creating fake versions of such maps and dashboards to steal information. They are after data including passwords and user names, credit card numbers, and any other sensitive data that they can collect. While real maps offer the information as soon as the user enters the website, these fake ones require users to download an app that would help them keep track of the new developments. However, the user can be infected even if they do not install the app. As far as it is known so far, the malware seems to be only affecting Windows devices, although experts believe that it is only a matter of time before other systems are infected as well. Meanwhile, Alfasi stated that fake coronavirus maps use malware called AZORult to infect users’ devices. He added that the malware activates a strain of other malicious software, which is what AZORult is. It acts as an information thief and has been around since 2016. Apart from stealing sensitive data, it can also install other malware on the infected device. He also noted that the malware was most common in Russian underground online forums.