Cybercriminals continue to exploit the fear in the
Crooks are targeting users interested in the map representing the infection of COVID-19, in the campaign uncovered by the experts, the attackers are tricking them into downloading and running a malicious application that shows a map loaded from a legit online source.
“This demand creates a vulnerability that malicious actors have quickly taken advantage of by spreading malware disguised as a “Coronavirus map”.
Attackers are using the
Once the victims run the executable, the malware shows a GUI that looks very good and convincing. Upon execution, the GUI window loads information from the Johns Hopkins website, while the malware runs in the background.
The campaign spotted by the experts aims at spreading the AZORult info stealer, a popular malware that was employed in numerous attacks to steal browsing history, cookies, ID/passwords,
The malicious code could be used also to download additional malicious payloads onto infected machines.
The attack detailed by Reason Labs was first spotted by researchers from MalwareHunterTeam a few days ago.
Reason Labsì report also includes a link to the sample they have analyzed, ‘Corona-virus-Map.com.exe,’ along with indicators of compromise (IoCs).
Experts noticed that upon the execution of the Corona-virus-Map.com.exe, the malware creates duplicates of the Corona-virus-Map.com.exe file and multiple Corona.exe, Bin.exe, Build.exe, and Windows.Globalization.Fontgroups.exe files.
Additional technical details are included in the analysis shared by Reason Labs.