Hackers are once again taking advantage of concerns about COVID-19 by using fake coronavirus maps to infect visitors with malware.
Detailed Monday by cybersecurity researcher Shai Alfasi from Reason Cybersecurity Ltd., the fake maps were found to be attempting to infect unsuspecting visitors with the AZORult malware.
The malware, first discovered in 2016, is an information stealer that makes off with browsing history, cookies, ID/passwords, cryptocurrency and more. An AZORult variant, designed to create a new, hidden administrator account on the infected machine in order to allow Remote Desktop Protocol connections, was also detected.
Sold on Russian underground forums, AZORult was last in the news Feb. 5 when it was found to be one of several forms of malware that were being spread by the Atlassian Corp. Plc-owned Git code hosting service Bitbucket.
Using coronavirus as an attack vector to target potential victims isn’t restricted to coronavirus-related maps alone. A report March 8 noted that scammers were taking advantage of the news through targeted phishing campaigns and scam websites. In one example, a Russian website was found to be offering “the best and fastest test for Coronavirus detection at the fantastic price of 19,000 Russian rubles (about US$300).”
“Attackers are looking for a vulnerability to deliver their attack,” Chris Rothe, co-founder and chief product officer at security operators provider Red Canary Inc., told SiliconANGLE. “In this case, people’s fear over the virus is the vulnerability attackers will look to capitalize on.”
He added that “if an individual is concerned or stressed about the virus they are less likely to remember their security training and will be more likely to, for example, click a link in a phishing email or give their credentials to a malicious web site.”
Colin Bastable, chief executive officer of security awareness training company Lucy Security AG, noted that the virus will affect a lot of organizations through cybercrime, as well as more general economic losses.
“People not used to working from home are more likely to have their guard down and will naturally be attracted to phishing sites such as this infection map,” Bastable explained. “While security teams focus on technology, bad actors focus on hacking people’s emotional responses with social engineering techniques that are closely aligned to marketing methods.”
What’s more, he added, remote workers may inadvertently introduce major threats as a result of the disruptions from the virus outbreak. “Patching people through heightened security awareness training will address up to 97% of the risk from cybercrime during this period of enhanced risk,” he said. “We should anticipate major losses from CEO fraud, ransomware attacks and credential harvesting over the next few months.”