- Security researchers at DomainTools have uncovered a vast number of domains used to promote the ploy.
- The campaign by the hackers, however, doesn’t seem to be very successful.
- Hackers have been using coronavirus maps to trick users into installing malware-laden binary files on their machines.
Hackers are taking advantage of the devastating coronavirus crisis to spread malware. According to a new report by The Next Web, attackers are tricking Android device users into installing a malicious coronavirus tracker app that supposedly shows the spread of the virus in real-time.
Security researchers at DomainTools have uncovered a vast number of domains used to promote the ploy. Users inadvertently install the malware, which is disguised as a legitimate app. Dubbed CovidLock, it changes the phone’s screen-lock settings and asks the user to deposit $100 worth of bitcoin into the attacker’s crypto wallet to get the unlock code.
The pages used to promote the covert operation are legitimate-looking. One site claims to be verified by the World Health Organization and supported by the Centers for Disease Control and Prevention (CDC). The application additionally claims to send alerts when an infected person is nearby.
“Get Instant Notification when a Coronavirus Patient is Near You, View local coronavirus outbreak status in an easy to navigate app with data pulled directly from the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).”
An analysis of some of the websites’ content and SSL certificates shows that they are affiliated with porn-related scams and other types of malware attacks. The campaign by the hackers, however, doesn’t seem to be very successful: there is no evidence of money being sent to the associated bitcoin accounts. Android users are advised to download apps only from the Google Play Store to avoid such infections.
There has been an upsurge in the number of fake coronavirus alert domains. An investigation by CheckPoint reveals that at least 50 percent of all new coronavirus domains have been built for malicious purposes. According to the report, over 4,000 coronavirus-related domains have been registered since January, and about 3 percent of them are malicious. Another 5 percent involve suspicious schemes.
Overall, the sheer number of malicious domains has surpassed those used in other scams, including Valentine’s Day scams.
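The wave of newly registered coronavirus-themed domains described above is something a defender can triage automatically. The following is an added example, not code from the article or from DomainTools or CheckPoint: a keyword heuristic that scores domain names for a coronavirus theme plus the lure words the article mentions (map, tracker, alert). The keyword lists, weights, the leet-speak normalization and the sample feed are all assumptions constructed for illustration.

```python
"""Triage newly registered domain names for coronavirus-themed lures.

Added example (not code from the article, DomainTools or CheckPoint).
Keyword lists, weights and the sample feed below are assumptions.
"""
import re

# Theme words give a base score of 2; each lure word adds 1 (assumed weights).
THEME_WORDS = ("coronavirus", "covid", "corona", "ncov")
LURE_WORDS = ("map", "tracker", "alert", "live", "update", "cdc")

# Undo common digit-for-letter substitutions such as "c0vid" (assumed mapping).
LEET = str.maketrans({"0": "o", "3": "e", "4": "a", "5": "s", "@": "a"})


def normalize(domain):
    """Lowercase, strip scheme and path, drop the last label (naive TLD removal),
    and undo leet-speak substitutions so keyword matching is more robust."""
    d = domain.strip().lower()
    d = re.sub(r"^https?://", "", d)
    d = d.split("/")[0]
    labels = d.split(".")
    body = ".".join(labels[:-1]) if len(labels) > 1 else d
    return body.translate(LEET)


def score_domain(domain):
    """Return (score, matched_words). A score of 0 means no coronavirus theme."""
    body = normalize(domain)
    matched = [w for w in THEME_WORDS if w in body]
    if not matched:
        return 0, []
    score = 2
    for w in LURE_WORDS:
        if w in body:
            score += 1
            matched.append(w)
    return score, matched


def flag_domains(domains, threshold=2):
    """Return [(domain, score, words)] for domains at or above the threshold,
    highest score first, so analysts can review the most lure-like names first."""
    hits = []
    for d in domains:
        s, words = score_domain(d)
        if s >= threshold:
            hits.append((d, s, words))
    hits.sort(key=lambda t: -t[1])
    return hits


# Constructed sample feed of "newly registered" names; none are real domains
# from the article.
SAMPLE_FEED = [
    "coronavirus-map-live.example",
    "c0vid19-tracker.example",
    "weather-alert.example",
    "example-bakery.example",
    "ncov-alert-update.example",
]

if __name__ == "__main__":
    for d, s, words in flag_domains(SAMPLE_FEED):
        print(f"{s:>2}  {d}  {words}")
```

Run as a script it prints the three themed names from the constructed feed with their scores; a real deployment would feed it a certificate-transparency or zone-file stream and pass the hits to a blocklist review queue rather than blocking on the keyword score alone.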
Hackers Previously Targeted PCs
Hackers have been using coronavirus maps to trick users into installing malware-laden binary files on their machines. Among the most common types of malicious code used for such attacks is the AZORult malware. Commonly sold on Russian hacker forums, it allows cybercriminals to break into a machine, install other malware, and steal data. Attackers can also use the malware to steal cryptocurrency.
The following are some of its capabilities, according to Shai Alfasi, a researcher at Reason Labs:
“It is used to steal browsing history, cookies, ID/passwords, cryptocurrency and more. It can also download additional malware onto infected machines.”
Another version of the malware creates a hidden account on Windows that allows hackers to access personal files on the infected machine.