Coronavirus has been officially declared as a pandemic, causing plenty of panic and mayhem among many. In this climate, it would not be unusual if you were advertised a software that can show you a live map of coronavirus infections across the world and in your nation, and offer you the latest news and information on the novel virus strain.
It is exactly this that a host of cyber attackers are seemingly exploiting with a tool that is being circulated online and is titled 'Corona-virus-Map.com.exe'. It comes with a very convincing graphic interface that shows all the information that is promised to a user, but underneath its shell, the so-called coronavirus heat map runs a known malware that scrapes your browser data to steal passwords, credit card information, identification documents and more.
The flaw in question was discovered by cybersecurity researcher
Shai Alfasi of Reason Labs, who identified the tool's underlying malware as AZORult, a recognized malware that was discovered back in 2016. Alongside stealing data from an infected machine, the AZORult malware can also download additional malware to support the infection, and even create a hidden administrator account to gain high-level access to a user's system. The file is fairly inconspicuous, and measures only 3.26MB in size. The basic shell of the software, once installed, expands in the background via self-extracting folders to load malicious DLL files on to a system, therefore infecting a device at the root level.
What this essentially means is that, if you downloaded this very coronavirus map, or other related coronavirus tools recently, your data might be at risk. The tool has the ability to gain system-level access to encrypted databases of your browser that stores sensitive passwords to your accounts, your credit card data and possibly even saved identification documents. The data is then relayed back to a remote server, from which it is possible that your data may be sold in the dark web, compromising your online safety and financials. The underlying malware of this software is a known product of the Russian dark web, so it is unlikely that it is only this software that is using such malware.
Numerous cybersecurity researchers have reported in recent times that online threats are all set to rise due to the coronavirus pandemic. If you have downloaded such a tool recently, be sure to procure an antivirus software, download all of its updates, and scan and quarantine your PC. If you thankfully haven't, be sure to remain aware of such coronavirus tools, and not download any '.exe' files on your Windows PCs that you do not fully know about. To ensure that you remain safe, turn off automatic downloads on your PCs as well, use different passwords for all your accounts, and as a best practice case, try to not save your passwords and banking data on your PCs.
source
